From 207cbdebfd257ce9588d68d49fce6c4390edddd2 Mon Sep 17 00:00:00 2001
From: Hugh Nimmo-Smith
Date: Thu, 11 Aug 2022 11:47:10 +0100
Subject: [PATCH] Request all required OIDC scopes + grant_types (#154)

* Request all required OIDC scopes on auth
* User real TOS and Policy URLs for OIDC
* Request refresh_token grant type when registering client
* Use unstable OIDC scope prefixes
---
 .../Authentication/AuthenticationServiceProxy.swift | 2 +-
 ElementX/Sources/Services/Authentication/OIDCService.swift | 6 +++---
 changelog.d/pr-154.change | 1 +
 3 files changed, 5 insertions(+), 4 deletions(-)
 create mode 100644 changelog.d/pr-154.change

diff --git a/ElementX/Sources/Services/Authentication/AuthenticationServiceProxy.swift b/ElementX/Sources/Services/Authentication/AuthenticationServiceProxy.swift
index 766e4fb951..1a46ecd05a 100644
--- a/ElementX/Sources/Services/Authentication/AuthenticationServiceProxy.swift
+++ b/ElementX/Sources/Services/Authentication/AuthenticationServiceProxy.swift
@@ -81,7 +81,7 @@ class AuthenticationServiceProxy: AuthenticationServiceProxyProtocol {
 let registationResponse = try await oidcService.registerClient(metadata: configuration)
 let authResponse = try await oidcService.presentWebAuthentication(metadata: configuration,
 clientID: registationResponse.clientID,
- scope: "urn:matrix:device:\(deviceID)",
+ scope: "openid urn:matrix:org.matrix.msc2967.client:api:* urn:matrix:org.matrix.msc2967.client:device:\(deviceID)",
 userAgent: userAgent)
 let tokenResponse = try await oidcService.redeemCodeForTokens(authResponse: authResponse)
 
diff --git a/ElementX/Sources/Services/Authentication/OIDCService.swift b/ElementX/Sources/Services/Authentication/OIDCService.swift
index af70edcfa9..58ef2352a8 100644
--- a/ElementX/Sources/Services/Authentication/OIDCService.swift
+++ b/ElementX/Sources/Services/Authentication/OIDCService.swift
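Review bot: The new `scope:` literal interpolates `deviceID` straight into a space-delimited scope list, and the hunk shows no check on its contents, so any whitespace in a device ID would silently turn into extra scope values rather than one device scope. Assuming device IDs come from the app's own generator this is presumably unreachable, but making the assumption explicit before the call, e.g. `precondition(!deviceID.contains(" "), "device ID must not contain whitespace")`, costs one line and fails loudly instead of over-scoping. The literal also repeats the unstable MSC2967 prefix twice inside one magic string; hoisting `urn:matrix:org.matrix.msc2967.client` into a named constant with the comment `// Unstable MSC2967 scope prefix; swap for the stable URN once the MSC is merged.` keeps the two usages in sync when that prefix changes. The enclosing method starts before and ends after this hunk.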
@@ -61,15 +61,15 @@ class OIDCService {
 let extraParams = [
 "client_name": "ElementX iOS",
 "client_uri": "https://element.io",
- "tos_uri": "https://example.com/tos",
- "policy_uri": "https://example.com/policy"
+ "tos_uri": "https://element.io/user-terms-of-service",
+ "policy_uri": "https://element.io/privacy"
 ]
 let nonTemplatizedRequest = OIDRegistrationRequest(
 configuration: metadata,
 redirectURIs: [redirectURI],
 responseTypes: nil,
- grantTypes: [OIDGrantTypeAuthorizationCode],
+ grantTypes: [OIDGrantTypeAuthorizationCode, OIDGrantTypeRefreshToken],
 subjectType: nil,
 tokenEndpointAuthMethod: "none",
 additionalParameters: extraParams
 
diff --git a/changelog.d/pr-154.change b/changelog.d/pr-154.change
new file mode 100644
index 0000000000..c2b59ec129
--- /dev/null
+++ b/changelog.d/pr-154.change
@@ -0,0 +1 @@
+Use unstable MSC2967 values for OIDC scopes + client registration metadata updates.
\ No newline at end of file
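Review bot: Adding `OIDGrantTypeRefreshToken` to `grantTypes` means the token endpoint may now hand the app a long-lived refresh token, and since the same request registers with `tokenEndpointAuthMethod: "none"` this is a public client with no client secret, so that token is the only credential guarding silent re-authentication; nothing on the changed line records that consequence. A why-comment there, `// refresh_token grant: the server may return a refresh token; store it with the same Keychain protection as the access token and never log it.`, would carry the expectation to whoever persists the token response, which happens outside this hunk. Whether that storage path already treats the refresh token as a secret cannot be seen from here and is worth confirming before merging. The `tos_uri`/`policy_uri` edits are registration metadata only and raise nothing. The enclosing method starts before and ends after this hunk.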