fix: add scope profile to PAT (#6154)

Co-authored-by: Fabi <fabienne@zitadel.com>

internal/api/grpc/management/user.go

@@ -854,7 +854,7 @@ func (s *Server) ListPersonalAccessTokens(ctx context.Context, req *mgmt_pb.List
 }
 
 func (s *Server) AddPersonalAccessToken(ctx context.Context, req *mgmt_pb.AddPersonalAccessTokenRequest) (*mgmt_pb.AddPersonalAccessTokenResponse, error) {
-	scopes := []string{oidc.ScopeOpenID, z_oidc.ScopeUserMetaData, z_oidc.ScopeResourceOwner}
+	scopes := []string{oidc.ScopeOpenID, oidc.ScopeProfile, z_oidc.ScopeUserMetaData, z_oidc.ScopeResourceOwner}
 	pat := AddPersonalAccessTokenRequestToCommand(req, authz.GetCtxData(ctx).OrgID, scopes, domain.UserTypeMachine)
 	details, err := s.command.AddPersonalAccessToken(ctx, pat)
 	if err != nil {

internal/api/grpc/system/instance_converter.go

@@ -111,7 +111,7 @@ func createInstancePbToAddMachine(req *system_pb.CreateInstanceRequest_Machine,
 	if defaultMachine.Pat != nil || req.PersonalAccessToken != nil {
 		pat := command.AddPat{
 			// Scopes are currently static and can not be overwritten
-			Scopes: []string{oidc.ScopeOpenID, z_oidc.ScopeUserMetaData, z_oidc.ScopeResourceOwner},
+			Scopes: []string{oidc.ScopeOpenID, oidc.ScopeProfile, z_oidc.ScopeUserMetaData, z_oidc.ScopeResourceOwner},
 		}
 		if req.GetPersonalAccessToken().GetExpirationDate().IsValid() {
 			pat.ExpirationDate = req.PersonalAccessToken.ExpirationDate.AsTime()

internal/integration/integration.go

@@ -174,7 +174,7 @@ func (s *Tester) createMachineUser(ctx context.Context, instanceId string) {
 		logging.OnError(err).Fatal("add org member")
 	}
 
-	scopes := []string{oidc.ScopeOpenID, z_oidc.ScopeUserMetaData, z_oidc.ScopeResourceOwner}
+	scopes := []string{oidc.ScopeOpenID, oidc.ScopeProfile, z_oidc.ScopeUserMetaData, z_oidc.ScopeResourceOwner}
 	pat := command.NewPersonalAccessToken(user.ResourceOwner, user.ID, time.Now().Add(time.Hour), scopes, domain.UserTypeMachine)
 	_, err = s.Commands.AddPersonalAccessToken(ctx, pat)
 	logging.OnError(err).Fatal("add pat")