eclipse-apoapsis · wkl3nk · Feb 3, 2025
@@ -35,16 +35,19 @@ class AuthService(
     private val clientId: String
 ) {
     /**
-     * Generate a token for the given [username] and [password].
+     * Generate a token for the given [username] and [password] using password grant type with optional [scopes].
      */
-    suspend fun generateToken(username: String, password: String): TokenInfo =
+    suspend fun generateToken(username: String, password: String, scopes: Set<String> = emptySet()): TokenInfo =
         client.submitForm(
             url = tokenUrl,
             formParameters = Parameters.build {
                 append("client_id", clientId)
                 append("username", username)
                 append("password", password)
                 append("grant_type", "password")
+                if (scopes.isNotEmpty()) {
+                    append("scope", scopes.joinToString(" "))
+                }
             }
         ).let { response ->
             if (!response.status.isSuccess()) {
@@ -57,15 +60,18 @@ class AuthService(
         }
 
     /**
-     * Refresh the token for the given [refreshToken].
+     * Refresh the tokens for the given [refreshToken] with optional [scopes].
      */
-    suspend fun refreshToken(refreshToken: String): TokenInfo =
+    suspend fun refreshToken(refreshToken: String, scopes: Set<String> = emptySet()): TokenInfo =
         client.submitForm(
             url = tokenUrl,
             formParameters = Parameters.build {
                 append("client_id", clientId)
                 append("refresh_token", refreshToken)
                 append("grant_type", "refresh_token")
+                if (scopes.isNotEmpty()) {
+                    append("scope", scopes.joinToString(" "))
+                }
             }
         ).let { response ->
             if (!response.status.isSuccess()) {

@@ -75,7 +75,7 @@ class LoginCommand : SuspendingCliktCommand(name = "login") {
             clientId = clientId
         )
 
-        val tokenInfo = authService.generateToken(username, password)
+        val tokenInfo = authService.generateToken(username, password, setOf("offline_access"))
 
         AuthenticationStorage.store(
             HostAuthenticationDetails(

@@ -68,7 +68,7 @@ private fun createOrtServerClient(authDetails: HostAuthenticationDetails): OrtSe
                             clientId = authDetails.clientId
                         )
 
-                        auth.refreshToken(authDetails.tokens.refresh).also {
+                        auth.refreshToken(authDetails.tokens.refresh, setOf("offline_access")).also {
                             val updatedAuthDetails = authDetails.copy(
                                 tokens = Tokens(it.accessToken, it.refreshToken)
                             )

@@ -45,7 +45,9 @@ class AuthLoginCommandTest : StringSpec({
     "Auth login command" should {
         "store the authentication information in a local file" {
             mockkConstructor(AuthService::class)
-            coEvery { anyConstructed<AuthService>().generateToken("testUser", "testPassword") } returns TokenInfo(
+            coEvery {
+                anyConstructed<AuthService>().generateToken("testUser", "testPassword", setOf("offline_access"))
+            } returns TokenInfo(
                 accessToken = "testAccessToken",
                 refreshToken = "testRefreshToken",
                 expiresInSeconds = 3600