add new scopes to login (#12383)

Validated login + refresh flows. Removing scopes from the refresh
request until we have upgrade flow in place. Confirmed that tokens
refresh with existing scopes.

codex-rs/core/src/auth.rs

@@ -626,7 +626,6 @@ async fn request_chatgpt_token_refresh(
         client_id: CLIENT_ID,
         grant_type: "refresh_token",
         refresh_token,
-        scope: "openid profile email",
     };
 
     let endpoint = refresh_token_endpoint();
@@ -722,7 +721,6 @@ struct RefreshRequest {
     client_id: &'static str,
     grant_type: &'static str,
     refresh_token: String,
-    scope: &'static str,
 }
 
 #[derive(Deserialize, Clone)]

codex-rs/login/src/server.rs

@@ -431,7 +431,8 @@ fn build_authorize_url(
         ("redirect_uri".to_string(), redirect_uri.to_string()),
         (
             "scope".to_string(),
-            "openid profile email offline_access".to_string(),
+            "openid profile email offline_access api.connectors.read api.connectors.invoke"
+                .to_string(),
         ),
         (
             "code_challenge".to_string(),