diff --git a/userfront/lib/features/auth/domain/consent_scope_policy.dart b/userfront/lib/features/auth/domain/consent_scope_policy.dart
index 3bfa1e60..ad7b3dec 100644
--- a/userfront/lib/features/auth/domain/consent_scope_policy.dart
+++ b/userfront/lib/features/auth/domain/consent_scope_policy.dart
@@ -1,11 +1,11 @@
-bool isRefreshTokenScopeAlias(String scope) {
+bool isOfflineScopeAlias(String scope) {
 final normalized = scope.trim().toLowerCase();
- return normalized == 'offline' || normalized == 'offline_access';
+ return normalized == 'offline';
 }

 List filterConsentScopes(Iterable scopes) {
 return scopes
 .map((scope) => scope.trim())
- .where((scope) => scope.isNotEmpty && !isRefreshTokenScopeAlias(scope))
+ .where((scope) => scope.isNotEmpty && !isOfflineScopeAlias(scope))
 .toList(growable: false);
 }
diff --git a/userfront/test/consent_scope_policy_test.dart b/userfront/test/consent_scope_policy_test.dart
index 909b60c1..4e873fcf 100644
--- a/userfront/test/consent_scope_policy_test.dart
+++ b/userfront/test/consent_scope_policy_test.dart
@@ -3,7 +3,7 @@ import 'package:userfront/features/auth/domain/consent_scope_policy.dart';

 void main() {
 group('consent scope policy', () {
- test('filters offline scope aliases from requested consent scopes', () {
+ test('keeps offline_access visible and filters only offline', () {
 expect(
 filterConsentScopes([
 'openid',
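Review bot: `filterConsentScopes` still drops `offline` while `offline_access` is now kept, so two values that the removed name `isRefreshTokenScopeAlias` treated as the same refresh-token request are handled differently in the consent list. If the authorization server still issues a refresh token for `offline` (not visible in this diff), a client asking for it would obtain long-lived access that this list never contains, so the user would not see it when consenting; either keep `offline` visible as well, or confirm that the server ignores or rejects it. Whichever is intended, the reason should be recorded above `isOfflineScopeAlias`, for example `/// Whether [scope] is 'offline' after trimming and lower-casing; 'offline_access' does not match and stays in the consent list.`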
@@ -12,14 +12,14 @@ void main() {
 'offline_access',
 'email',
 ]),
- ['openid', 'profile', 'email'],
+ ['openid', 'profile', 'offline_access', 'email'],
 );
 });

- test('detects refresh token scope aliases case-insensitively', () {
- expect(isRefreshTokenScopeAlias('OFFLINE'), isTrue);
- expect(isRefreshTokenScopeAlias(' offline_access '), isTrue);
- expect(isRefreshTokenScopeAlias('profile'), isFalse);
+ test('detects offline scope alias case-insensitively', () {
+ expect(isOfflineScopeAlias('OFFLINE'), isTrue);
+ expect(isOfflineScopeAlias(' offline_access '), isFalse);
+ expect(isOfflineScopeAlias('profile'), isFalse);
 });
 });
 }
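Review bot: The updated cases exercise the predicate with padded and upper-case input, but `filterConsentScopes` is checked only with what appear to be already-normalized values, so the trim and empty-string branches of the filter are not pinned by any visible test. A further case beside 'detects offline scope alias case-insensitively' would cover them: `expect(filterConsentScopes([' Offline ', ' offline_access ', '']), ['offline_access']);`. The first test starts outside this hunk, so its full input list cannot be seen here.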