From ea75d8e832c1a30fe4fcf6562ee5d65f49513c4d Mon Sep 17 00:00:00 2001
From: Kim Alvefur <zash@zash.se>
Date: Tue, 3 Jun 2025 01:41:42 +0200
Subject: [PATCH] Include requested scopes in oauth client registration

This can be used on the oauth server side to enforce that no additional
scopes are added.
---
 snikket_web/prosodyclient.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/snikket_web/prosodyclient.py b/snikket_web/prosodyclient.py
index 352805e..ef785cd 100644
--- a/snikket_web/prosodyclient.py
+++ b/snikket_web/prosodyclient.py
@@ -474,6 +474,7 @@ class ProsodyClient:
             ],
             "grant_types": ["password"],
             "response_types": ["code"],
+            "scope": " ".join([SCOPE_RESTRICTED, SCOPE_DEFAULT, SCOPE_ADMIN]),
             "software_version": _version.version,
         }
         async with self._plain_session as session: