refactor(oidc): Remove method to authorize arbitrary scope

[zecakeh]

Only the scopes necessary during login are specified in MSC2967 now.

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 85.81%. Comparing base (f33d104) to head (cd307c1).
Report is 5 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #4664      +/-   ##
==========================================
- Coverage   85.82%   85.81%   -0.01%     
==========================================
  Files         292      292              
  Lines       33646    33644       -2     
==========================================
- Hits        28875    28873       -2     
  Misses       4771     4771              

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[poljar]

Hmm, I don't really understand where it says that scopes can't be authorized after one has logged in. To be fair I don't remember what the MSC looked like previously.

Any pointers and more info where I can see that this indeed isn't supported anymore?

[zecakeh]

The MSC was changed in matrix-org/matrix-spec-proposals@f65aef3.

There used to be a section called "Insufficient privilege response" that used to say that we could have an error response about an "insufficient scope", and that we needed to request another authorization with the given scope, which is why that method was necessary.

Given that this section was removed, the only use case for the authorization endpoint right now is for logging in, so this method has no use case anymore.

[poljar]

Thanks for the clarification, makes sense.

Could you just get rid of the merge conflict?

[zecakeh]

Done