From d3fb09464d191afa14d88d5ad7aac95dbecb9409 Mon Sep 17 00:00:00 2001
From: Christophe Jossart <christophe.jossart@amazeelabs.com>
Date: Wed, 1 Nov 2023 16:42:24 +0100
Subject: [PATCH 1/2] refactor: remove oauth scope for publisher

---
 .../npm/@amazeelabs/publisher/src/core/tools/oAuth2.ts     | 7 +------
 1 file changed, 1 insertion(+), 6 deletions(-)

diff --git a/packages/npm/@amazeelabs/publisher/src/core/tools/oAuth2.ts b/packages/npm/@amazeelabs/publisher/src/core/tools/oAuth2.ts
index 3bb5e2537..4acfc700f 100644
--- a/packages/npm/@amazeelabs/publisher/src/core/tools/oAuth2.ts
+++ b/packages/npm/@amazeelabs/publisher/src/core/tools/oAuth2.ts
@@ -284,7 +284,6 @@ export const getOAuth2AuthorizeUrl = (
   return client.authorizeURL({
     // Set on the OAuth2 provider.
     //redirect_uri: callbackUrl,
-    scope: oAuth2Config.scope,
     // https://auth0.com/docs/secure/attack-protection/state-parameters
     state: encodedState,
   });
@@ -320,11 +319,7 @@ export const isAuthenticated = async (req: Request): Promise<boolean> => {
       result = true;
     } else {
       try {
-        const refreshParams = {
-          grant_type: 'refresh_token',
-          scope: oAuth2Config.scope,
-        };
-        accessToken = await accessToken.refresh(refreshParams);
+        accessToken = await accessToken.refresh();
         persistAccessToken(accessToken, req);
         result = true;
       } catch (error) {

From fa4d236ae6ec0cc7cf4a1efd71d16224200812ac Mon Sep 17 00:00:00 2001
From: Christophe Jossart <christophe.jossart@amazeelabs.com>
Date: Wed, 1 Nov 2023 16:44:09 +0100
Subject: [PATCH 2/2] docs: comment scope usage

---
 packages/npm/@amazeelabs/publisher/publisher.config.ts | 1 +
 1 file changed, 1 insertion(+)

diff --git a/packages/npm/@amazeelabs/publisher/publisher.config.ts b/packages/npm/@amazeelabs/publisher/publisher.config.ts
index c51f78cd8..32403712f 100644
--- a/packages/npm/@amazeelabs/publisher/publisher.config.ts
+++ b/packages/npm/@amazeelabs/publisher/publisher.config.ts
@@ -17,6 +17,7 @@ export default defineConfig({
   oAuth2: {
     clientId: process.env.OAUTH2_CLIENT_ID || 'publisher',
     clientSecret: process.env.OAUTH2_CLIENT_ID || 'publisher',
+    // Applies for ResourceOwnerPassword only.
     scope: process.env.OAUTH2_SCOPE || 'publisher',
     tokenHost: process.env.OAUTH2_TOKEN_HOST || 'http://127.0.0.1:8888',
     tokenPath: process.env.OAUTH2_TOKEN_PATH || '/oauth/token',