fix(auth): add 'profile' as a non-write scope alias

gerfalcon · gerfalcon · commit cb1a586ada44 · 2026-03-23T11:17:28.000+04:00
'profile' is a standard OpenID Connect alias for
userinfo.profile and does not grant write access.
Without this, --scopes=profile would incorrectly
classify the session as having write access.
diff --git a/src/auth_commands.rs b/src/auth_commands.rs
@@ -154,6 +154,7 @@ fn is_non_write_scope(scope: &str) -> bool {
         || scope == "openid"
         || scope.starts_with("https://www.googleapis.com/auth/userinfo.")
         || scope == "email"
+        || scope == "profile"
 }
 
 /// Returns true if the saved scopes are all read-only.
@@ -2369,6 +2370,7 @@ mod tests {
         assert!(is_non_write_scope("https://www.googleapis.com/auth/gmail.readonly"));
         assert!(is_non_write_scope("openid"));
         assert!(is_non_write_scope("email"));
+        assert!(is_non_write_scope("profile"));
         assert!(is_non_write_scope("https://www.googleapis.com/auth/userinfo.email"));
 
         // Write scopes are not non-write
