diff --git a/internal/configuration/validator/const.go b/internal/configuration/validator/const.go
index bfd6eead..d97b6459 100644
--- a/internal/configuration/validator/const.go
+++ b/internal/configuration/validator/const.go
@@ -307,7 +307,7 @@ var validACLRulePolicies = []string{policyBypass, policyOneFactor, policyTwoFact
var validDefault2FAMethods = []string{"totp", "webauthn", "mobile_push"}
-var validOIDCScopes = []string{oidc.ScopeOpenID, oidc.ScopeEmail, oidc.ScopeProfile, oidc.ScopeGroups, "offline_access"}
+var validOIDCScopes = []string{oidc.ScopeOpenID, oidc.ScopeEmail, oidc.ScopeProfile, oidc.ScopeGroups, oidc.ScopeOfflineAccess}
var validOIDCGrantTypes = []string{"implicit", "refresh_token", "authorization_code", "password", "client_credentials"}
var validOIDCResponseModes = []string{"form_post", "query", "fragment"}
var validOIDCUserinfoAlgorithms = []string{"none", "RS256"}
diff --git a/internal/handlers/const.go b/internal/handlers/const.go
index 3eea1161..a43fa75b 100644
--- a/internal/handlers/const.go
+++ b/internal/handlers/const.go
@@ -28,10 +28,6 @@ var (
headerRemoteEmail = []byte("Remote-Email")
)
-var (
- headerContentTypeValueTextPlain = []byte("text/plain; charset=utf-8")
-)
-
const (
// Forbidden means the user is forbidden the access to a resource.
Forbidden authorizationMatching = iota
diff --git a/internal/handlers/response.go b/internal/handlers/response.go
index 0908a5a6..4ff8a227 100644
--- a/internal/handlers/response.go
+++ b/internal/handlers/response.go
@@ -250,7 +250,9 @@ func respondUnauthorized(ctx *middlewares.AutheliaCtx, message string) {
// *fasthttp.RequestCtx or *middlewares.AutheliaCtx.
func SetStatusCodeResponse(ctx *fasthttp.RequestCtx, statusCode int) {
ctx.Response.Reset()
- ctx.SetContentTypeBytes(headerContentTypeValueTextPlain)
+
+ middlewares.SetContentTypeTextPlain(ctx)
+
ctx.SetStatusCode(statusCode)
ctx.SetBodyString(fmt.Sprintf("%d %s", statusCode, fasthttp.StatusMessage(statusCode)))
}
diff --git a/internal/middlewares/util.go b/internal/middlewares/util.go
new file mode 100644
index 00000000..23f58f01
--- /dev/null
+++ b/internal/middlewares/util.go
@@ -0,0 +1,15 @@
+package middlewares
+
+import (
+ "github.com/valyala/fasthttp"
+)
+
+// SetContentTypeApplicationJSON sets the Content-Type header to `application/json; charset=utf8`.
+func SetContentTypeApplicationJSON(ctx *fasthttp.RequestCtx) {
+ ctx.SetContentTypeBytes(contentTypeApplicationJSON)
+}
+
+// SetContentTypeTextPlain sets the Content-Type header to `text/plain; charset=utf8`.
+func SetContentTypeTextPlain(ctx *fasthttp.RequestCtx) {
+ ctx.SetContentTypeBytes(contentTypeTextPlain)
+}
diff --git a/internal/server/asset.go b/internal/server/asset.go
index 7f106e19..4df0d421 100644
--- a/internal/server/asset.go
+++ b/internal/server/asset.go
@@ -10,6 +10,7 @@ import (
"github.com/valyala/fasthttp"
"github.com/valyala/fasthttp/fasthttpadaptor"
+ "github.com/authelia/authelia/v4/internal/middlewares"
"github.com/authelia/authelia/v4/internal/utils"
)
@@ -65,7 +66,8 @@ func newLocalesEmbeddedHandler() (handler fasthttp.RequestHandler) {
}
}
- ctx.SetContentType("application/json")
+ middlewares.SetContentTypeApplicationJSON(ctx)
+
ctx.SetBody(data)
}
}
diff --git a/internal/server/locales/en/portal.json b/internal/server/locales/en/portal.json
index ea306ef0..4cce0910 100644
--- a/internal/server/locales/en/portal.json
+++ b/internal/server/locales/en/portal.json
@@ -5,6 +5,7 @@
"Access your profile information": "Access your profile information",
"An email has been sent to your address to complete the process": "An email has been sent to your address to complete the process.",
"Authenticated": "Authenticated",
+ "Automatically refresh these permissions without user interaction": "Automatically refresh these permissions without user interaction",
"Cancel": "Cancel",
"Client ID": "Client ID: {{client_id}}",
"Consent Request": "Consent Request",
diff --git a/web/src/views/LoginPortal/ConsentView/ConsentView.tsx b/web/src/views/LoginPortal/ConsentView/ConsentView.tsx
index a8fa246f..83727e70 100644
--- a/web/src/views/LoginPortal/ConsentView/ConsentView.tsx
+++ b/web/src/views/LoginPortal/ConsentView/ConsentView.tsx
@@ -1,6 +1,6 @@
import React, { useEffect, Fragment, ReactNode, useState } from "react";
-import { AccountBox, CheckBox, Contacts, Drafts, Group } from "@mui/icons-material";
+import { AccountBox, Autorenew, CheckBox, Contacts, Drafts, Group } from "@mui/icons-material";
import {
Button,
Grid,
@@ -33,6 +33,8 @@ function scopeNameToAvatar(id: string) {
switch (id) {
case "openid":
return ;
+ case "offline_access":
+ return ;
case "profile":
return ;
case "groups":
@@ -85,6 +87,8 @@ const ConsentView = function (props: Props) {
switch (id) {
case "openid":
return translate("Use OpenID to verify your identity");
+ case "offline_access":
+ return translate("Automatically refresh these permissions without user interaction");
case "profile":
return translate("Access your profile information");
case "groups":