Please add 'device' to the list of supported scopes

[alesstimec]

Enhancement Proposal

For device flow, we need to add 'device' to the list of supported scopes here https://github.com/canonical/hydra-operator/blob/main/src/charm.py#L77

[syncronize-issues-to-jira]

Thank you for reporting us your feedback!

The internal ticket has been created: https://warthogs.atlassian.net/browse/IAM-870.

This message was autogenerated

[nsklikas]

The scopes that are advertised on the openid-configuration endpoint do not have to be the only scopes that are supported from the provider (https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata):

scopes_supported
RECOMMENDED. JSON array containing a list of the OAuth 2.0 [RFC6749] scope values that this server supports. The server MUST support the openid scope value. Servers MAY choose not to advertise some supported scope values even when this parameter is used, although those defined in [OpenID.Core] SHOULD be listed, if supported.

AFAICT you can create a client with the device scope.

But why do you need the device scope? Is this for some application specific logic? I am asking because this is not needed to perform the device flow.