feat(auth): Add "offline_access" scope for long-lived refresh tokens

Add the "offline_access" scope when requesting authentication and
refresh tokens. This ensures that the authentication provider issues
long-lived refresh tokens, allowing the CLI to obtain new
access tokens without requiring the user to log in frequently.

This allows for having long-lived refresh tokens for the
CLI, while still having the refresh tokens for the web application
expire after a shorter period of time in case there is no user
activity.

Signed-off-by: Wolfgang Klenk <wolfgang.klenk2@bosch.com>

api/v1/client/src/commonMain/kotlin/auth/AuthService.kt

@@ -37,14 +37,17 @@ class AuthService(
     /**
      * Generate a token for the given [username] and [password].
      */
-    suspend fun generateToken(username: String, password: String): TokenInfo =
+    suspend fun generateToken(username: String, password: String, scopes: Set<String> = emptySet()): TokenInfo =
         client.submitForm(
             url = tokenUrl,
             formParameters = Parameters.build {
                 append("client_id", clientId)
                 append("username", username)
                 append("password", password)
                 append("grant_type", "password")
+                if (scopes.isNotEmpty()) {
+                    append("scope", scopes.joinToString(" "))
+                }
             }
         ).let { response ->
             if (!response.status.isSuccess()) {
@@ -59,13 +62,16 @@ class AuthService(
     /**
      * Refresh the token for the given [refreshToken].
      */
-    suspend fun refreshToken(refreshToken: String): TokenInfo =
+    suspend fun refreshToken(refreshToken: String, scopes: Set<String> = emptySet()): TokenInfo =
         client.submitForm(
             url = tokenUrl,
             formParameters = Parameters.build {
                 append("client_id", clientId)
                 append("refresh_token", refreshToken)
                 append("grant_type", "refresh_token")
+                if (scopes.isNotEmpty()) {
+                    append("scope", scopes.joinToString(" "))
+                }
             }
         ).let { response ->
             if (!response.status.isSuccess()) {

cli/src/main/kotlin/LoginCommand.kt

@@ -75,7 +75,7 @@ class LoginCommand : SuspendingCliktCommand(name = "login") {
             clientId = clientId
         )
 
-        val tokenInfo = authService.generateToken(username, password)
+        val tokenInfo = authService.generateToken(username, password, setOf("offline_access"))
 
         AuthenticationStorage.store(
             HostAuthenticationDetails(

cli/src/main/kotlin/utils/AuthenticationUtils.kt

@@ -68,7 +68,7 @@ private fun createOrtServerClient(authDetails: HostAuthenticationDetails): OrtSe
                             clientId = authDetails.clientId
                         )
 
-                        auth.refreshToken(authDetails.tokens.refresh).also {
+                        auth.refreshToken(authDetails.tokens.refresh, setOf("offline_access")).also {
                             val updatedAuthDetails = authDetails.copy(
                                 tokens = Tokens(it.accessToken, it.refreshToken)
                             )

cli/src/test/kotlin/AuthLoginCommandTest.kt

@@ -45,7 +45,7 @@ class AuthLoginCommandTest : StringSpec({
     "Auth login command" should {
         "store the authentication information in a local file" {
             mockkConstructor(AuthService::class)
-            coEvery { anyConstructed<AuthService>().generateToken("testUser", "testPassword") } returns TokenInfo(
+            coEvery { anyConstructed<AuthService>().generateToken("testUser", "testPassword", setOf("offline_access")) } returns TokenInfo(
                 accessToken = "testAccessToken",
                 refreshToken = "testRefreshToken",
                 expiresInSeconds = 3600