add new scopes to login (openai#12383)

adaley-openai · web-flow · commit 8a593862736e · 2026-03-04T16:41:54.000Z
Validated login + refresh flows. Removing scopes from the refresh
request until we have upgrade flow in place. Confirmed that tokens
refresh with existing scopes.
diff --git a/codex-rs/core/src/auth.rs b/codex-rs/core/src/auth.rs
@@ -626,7 +626,6 @@ async fn request_chatgpt_token_refresh(
         client_id: CLIENT_ID,
         grant_type: "refresh_token",
         refresh_token,
-        scope: "openid profile email",
     };
 
     let endpoint = refresh_token_endpoint();
@@ -722,7 +721,6 @@ struct RefreshRequest {
     client_id: &'static str,
     grant_type: &'static str,
     refresh_token: String,
-    scope: &'static str,
 }
 
 #[derive(Deserialize, Clone)]
diff --git a/codex-rs/login/src/server.rs b/codex-rs/login/src/server.rs
@@ -431,7 +431,8 @@ fn build_authorize_url(
         ("redirect_uri".to_string(), redirect_uri.to_string()),
         (
             "scope".to_string(),
-            "openid profile email offline_access".to_string(),
+            "openid profile email offline_access api.connectors.read api.connectors.invoke"
+                .to_string(),
         ),
         (
             "code_challenge".to_string(),

Original file line number	Diff line number	Diff line change
`@@ -431,7 +431,8 @@ fn build_authorize_url(`
`431`	`431`	`("redirect_uri".to_string(), redirect_uri.to_string()),`
`432`	`432`	`(`
`433`	`433`	`"scope".to_string(),`
`434`		`- "openid profile email offline_access".to_string(),`
	`434`	`+ "openid profile email offline_access api.connectors.read api.connectors.invoke"`
	`435`	`+ .to_string(),`
`435`	`436`	`),`
`436`	`437`	`(`
`437`	`438`	`"code_challenge".to_string(),`