From 8bd64b8ea3718ce0992b103d327f9604cde3c9df Mon Sep 17 00:00:00 2001
From: Sam <315859133@qq.com>
Date: Fri, 6 Feb 2026 15:49:40 +0800
Subject: [PATCH] fix: remove unregistered 'roles' scope from OAuth2 requests

- Remove 'roles' from .env.development and .env.production
- Remove 'roles' from SeedData.cs
- 403 error was caused by requesting unregistered scope
- All registered scopes: openid, profile, email, api, offline_access
---
 apps/web-ele/.env.development | 2 +-
 apps/web-ele/.env.production  | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/apps/web-ele/.env.development b/apps/web-ele/.env.development
index 9a8b24d..983e029 100644
--- a/apps/web-ele/.env.development
+++ b/apps/web-ele/.env.development
@@ -10,7 +10,7 @@ VITE_GLOB_API_URL=http://localhost:5231/api
 VITE_AUTH_SERVICE_URL=http://localhost:5000
 VITE_OAUTH_CLIENT_ID=fengling-console
 VITE_OAUTH_REDIRECT_URI=http://localhost:5777/auth/callback
-VITE_OAUTH_SCOPE=api offline_access openid profile email roles
+VITE_OAUTH_SCOPE=api offline_access openid profile email
 
 # 是否开启 Nitro Mock服务，true 为开启，false 为关闭
 VITE_NITRO_MOCK=false
diff --git a/apps/web-ele/.env.production b/apps/web-ele/.env.production
index 0da55d6..cf55b4a 100644
--- a/apps/web-ele/.env.production
+++ b/apps/web-ele/.env.production
@@ -22,4 +22,4 @@ VITE_ARCHIVER=true
 VITE_AUTH_SERVICE_URL=https://auth.yourdomain.com
 VITE_OAUTH_CLIENT_ID=fengling-console
 VITE_OAUTH_REDIRECT_URI=https://your-app.com/auth/callback
-VITE_OAUTH_SCOPE=api offline_access openid profile email roles
+VITE_OAUTH_SCOPE=api offline_access openid profile email