diff --git a/internal/auth/auth.go b/internal/auth/auth.go index 426e448ef..5e26abe10 100644 --- a/internal/auth/auth.go +++ b/internal/auth/auth.go @@ -26,22 +26,56 @@ const ( var requiredScopes = []string{ "openid", "offline_access", // <-- to get a refresh token. - "create:clients", "delete:clients", "read:clients", "update:clients", - "create:resource_servers", "delete:resource_servers", "read:resource_servers", "update:resource_servers", - "create:roles", "delete:roles", "read:roles", "update:roles", - "create:rules", "delete:rules", "read:rules", "update:rules", - "create:users", "delete:users", "read:users", "update:users", - "read:branding", "update:branding", - "read:email_templates", "update:email_templates", - "read:connections", "update:connections", - "read:client_keys", "read:logs", "read:tenant_settings", - "read:custom_domains", "create:custom_domains", "update:custom_domains", "delete:custom_domains", + "read:client_grants", "create:client_grants", "delete:client_grants", "update:client_grants", + "read:users", "update:users", "delete:users", "create:users", + "read:users_app_metadata", "update:users_app_metadata", "delete:users_app_metadata", "create:users_app_metadata", "read:user_custom_blocks", + "create:user_custom_blocks", "delete:user_custom_blocks", + "create:user_tickets", + "read:clients", "update:clients", "delete:clients", "create:clients", + "read:client_keys", "update:client_keys", "delete:client_keys", "create:client_keys", + "read:connections", "update:connections", "delete:connections", "create:connections", + "read:resource_servers", "update:resource_servers", "delete:resource_servers", "create:resource_servers", + "read:device_credentials", "update:device_credentials", "delete:device_credentials", "create:device_credentials", + "read:rules", "update:rules", "delete:rules", "create:rules", + "read:rules_configs", "update:rules_configs", "delete:rules_configs", + "read:hooks", "update:hooks", "delete:hooks", "create:hooks", + "read:actions", "update:actions", "delete:actions", "create:actions", + "read:email_provider", "update:email_provider", "delete:email_provider", "create:email_provider", + "blacklist:tokens", + "read:stats", + "read:insights", + "read:tenant_settings", "update:tenant_settings", + "read:logs", + "read:logs_users", + "read:shields", "create:shields", "update:shields", "delete:shields", "read:anomaly_blocks", "delete:anomaly_blocks", - "create:log_streams", "delete:log_streams", "read:log_streams", "update:log_streams", - "create:actions", "delete:actions", "read:actions", "update:actions", - "create:organizations", "delete:organizations", "read:organizations", "update:organizations", "read:organization_members", "read:organization_member_roles", + "update:triggers", "read:triggers", + "read:grants", "delete:grants", + "read:guardian_factors", "update:guardian_factors", + "read:guardian_enrollments", "delete:guardian_enrollments", + "create:guardian_enrollment_tickets", + "read:user_idp_tokens", + "create:passwords_checking_job", "delete:passwords_checking_job", + "read:custom_domains", "delete:custom_domains", "create:custom_domains", "update:custom_domains", + "read:email_templates", "create:email_templates", "update:email_templates", + "read:mfa_policies", "update:mfa_policies", + "read:roles", "create:roles", "delete:roles", "update:roles", "read:prompts", "update:prompts", + "read:branding", "update:branding", "delete:branding", + "read:log_streams", "create:log_streams", "delete:log_streams", "update:log_streams", + "create:signing_keys", + "read:signing_keys", "update:signing_keys", + "read:limits", "update:limits", + "read:role_members", "create:role_members", "delete:role_members", + "read:entitlements", "read:attack_protection", "update:attack_protection", + "read:organizations", "update:organizations", "create:organizations", "delete:organizations", + "create:organization_members", "read:organization_members", "delete:organization_members", + "create:organization_connections", "read:organization_connections", "update:organization_connections", "delete:organization_connections", + "create:organization_member_roles", "read:organization_member_roles", "delete:organization_member_roles", + "create:organization_invitations", "read:organization_invitations", "delete:organization_invitations", + "read:organizations_summary", + "create:actions_log_sessions", } // Authenticator is used to facilitate the login process.