From 02d9f877b58094bcf0a90051d343404c6091c8b3 Mon Sep 17 00:00:00 2001
From: Serge Smertin <259697+nfx@users.noreply.github.com>
Date: Wed, 5 Apr 2023 10:18:13 +0200
Subject: [PATCH] Make `bricks auth` use `all-apis` scope (#304)

## Changes
Use `all-apis` scope, so that we can use the issued token for SCIM APIs.
The production environment has to be tuned in order to enable `all-apis`
scope for a specific account.

## Tests
Manual
---
 libs/auth/oauth.go | 13 +------------
 1 file changed, 1 insertion(+), 12 deletions(-)

diff --git a/libs/auth/oauth.go b/libs/auth/oauth.go
index 0777cf512..899d8e877 100644
--- a/libs/auth/oauth.go
+++ b/libs/auth/oauth.go
@@ -201,18 +201,7 @@ func (a *PersistentAuth) oauth2Config() (*oauth2.Config, error) {
 	// taxonomy of all scopes ready and implemented.
 	scopes := []string{
 		"offline_access",
-		"unity-catalog",
-		"accounts",
-		"clusters",
-		"mlflow",
-		"scim",
-		"sql",
-	}
-	if a.AccountID != "" {
-		scopes = []string{
-			"offline_access",
-			"accounts",
-		}
+		"all-apis",
 	}
 	endpoints, err := a.oidcEndpoints()
 	if err != nil {