feat: add OAUTH_SCOPES to environment types and update authOptions for dynamic scope handling

.env.example

@@ -9,4 +9,5 @@ OAUTH_ISSUER=
 OAUTH_AUTHORIZATION_URL=
 OAUTH_TOKEN_URL=
 OAUTH_USERINFO_URL=
-OAUTH_JWKS_ENDPOINT=
+OAUTH_JWKS_ENDPOINT=
+OAUTH_SCOPES="openid email profile offline_access"

src/app/types/env.d.ts

@@ -8,5 +8,6 @@ declare namespace NodeJS {
 		OAUTH_USERINFO_URL: string;
 		OAUTH_ISSUER: string;
 		OAUTH_JWKS_ENDPOINT: string;
+		OAUTH_SCOPES: string;
 	}
 }

src/app/types/next-auth.d.ts

@@ -56,7 +56,7 @@ declare module "next-auth/jwt" {
 		accessToken: string;
 		accessTokenExpires: Moment;
 		refreshToken: string;
-		refreshTokenExpires: Moment;
+		refreshTokenExpires: Moment | undefined;
 		error?: string;
 		user: User | AdapterUser;
 	}

src/authOptions.ts

@@ -18,7 +18,7 @@ export const authOptions: AuthOptions = {
 			authorization: {
 				url: process.env.OAUTH_AUTHORIZATION_URL,
 				params: {
-					scope: "openid email profile",
+					scope: process.env.OAUTH_SCOPES,
 					response_type: "code",
 				},
 			},
@@ -49,10 +49,11 @@ export const authOptions: AuthOptions = {
 				token.refreshToken = account.refresh_token;
 
 				token.accessTokenExpires = moment.unix(account.expires_at);
-				token.refreshTokenExpires = moment().add(
-					account.refresh_expires_in,
-					"seconds",
-				);
+
+				token.refreshTokenExpires =
+					account.refresh_expires_in != 0
+						? moment().add(account.refresh_expires_in, "seconds")
+						: undefined;
 
 				const accessTokenDecode = jsonwebtoken.decode(
 					account.access_token,