Group OAuth2 consent scopes into a collapsible section #3092

Merged: ChiragAgg5k merged 2 commits into main from feat-oauth2-consent-collapsible-scopes on Jun 23, 2026
@ChiragAgg5k

Member

What

Reworks the console OAuth2 consent screen so a broad scope request renders cleanly instead of as an endless flat list.

Before, every requested scope was a separate row. A request for account.admin plus the dozens of granular console scopes (teams.read, teams.write, project.read, …) produced a list that ran far past the fold.

Now:

  • account.admin (full access) and the OIDC identity scopes (openid/profile/email) stay as always-visible rows at the top.
  • Every other granular scope is grouped by resource and tucked into a single collapsible "App permissions" accordion (collapsed by default, with a count badge). Each resource shows its requested actions as compact Read / Write tags.

Notes

  • Read-only for now. Letting the user select a subset of scopes was considered but the backend approve endpoint has no scopes parameter — it always issues the token with the scopes frozen at authorize time — so per-scope selection would be cosmetic. Deferred until the server supports downscoping.
  • Also bumps @appwrite.io/console to the published 15.1.0, lets the consent layout scroll a tall card instead of clipping it, and forwards the RFC 8707 resource indicator through authorize.

Implementation

  • src/lib/helpers/oauth2-scopes.ts — new groupConsentScopes() that splits granular scopes into { admin, identity, groups }, bucketing by resource prefix (handles multi-segment resources like backups.policies.read).
  • src/routes/(public)/oauth2/consent-card.svelte — renders the admin/identity rows plus the grouped accordion.

Verification

bun run format, bun run check (0 errors), and bun run lint (0 errors) all pass.

The console OAuth2 consent screen rendered every requested scope as a flat
list. For broad requests (e.g. account.admin plus dozens of granular console
scopes) this produced an unusably long list.

Group granular scopes by resource and tuck them into a single collapsible
"App permissions" accordion, with read/write shown as compact tags. The
account.admin full-access row and the OIDC identity scopes stay as
always-visible rows above it.

Also bump @appwrite.io/console to 15.1.0, let the consent layout scroll a tall
card, and forward the resource indicator param through authorize.
@greptile-apps

greptile-apps Bot commented Jun 23, 2026

Contributor

Greptile Summary

Reworks the OAuth2 consent screen to replace a long flat scope list with a collapsible "App permissions" accordion grouped by resource. account.admin and OIDC identity scopes remain as always-visible rows; every other granular scope is bucketed by resource prefix with compact Read/Write action tags. Also fixes the layout to scroll tall cards instead of clipping them, bumps @appwrite.io/console to the published 15.1.0, and correctly forwards the RFC 8707 resource parameter via params.get('resource').

  • groupConsentScopes() in oauth2-scopes.ts correctly handles multi-segment resources (backups.policies.write), deduplicates actions within a group, and preserves the minimal-OIDC fallback for a bare openid-only request.
  • Layout fix replaces fixed centering with overflow-y: auto + flex: 1 0 auto so a tall card scrolls instead of being cut off above the fold.

Confidence Score: 5/5

Safe to merge — the scope grouping logic is correct and consistent with the pre-existing describeConsentScopes, the layout change is straightforward CSS, and the resource parameter forwarding uses the standard params.get form.

The new groupConsentScopes helper correctly handles all scope variants, deduplicates actions, and preserves the openid-only fallback. The consent card refactor only affects presentation, not which grant is approved or what token is issued. Only a minor cosmetic padding asymmetry was found.

consent-card.svelte — the .scope-group-list missing padding-inline-start may leave icons slightly misaligned inside the accordion, but this has no functional impact.

Important Files Changed

| Filename | Overview |
| --- | --- |
| src/lib/helpers/oauth2-scopes.ts | Adds groupConsentScopes() with correct multi-segment scope splitting, deduplication, and minimal-OIDC fallback; logic is sound and consistent with the pre-existing describeConsentScopes. |
| src/routes/(public)/oauth2/consent-card.svelte | Replaces flat scope list with admin/identity rows plus a grouped Accordion; minor padding asymmetry in .scope-group-list (no padding-inline-start) may leave the icon flush against the accordion's left edge. |
| src/routes/(public)/oauth2/+layout.svelte | Replaces fixed centering with overflow-y:auto + flex:1 0 auto so tall consent cards scroll correctly rather than being clipped; clean CSS-only layout fix. |
| src/routes/(public)/oauth2/consent/+page.svelte | Forwards the RFC 8707 resource parameter using params.get('resource'), correctly addressing the previous thread's concern about the bracket-index form. |
| package.json | Bumps @appwrite.io/console from a private pkg.vc git reference to the published 15.1.0 semver release; bun.lock updated accordingly. |

Reviews (2): Last reviewed commit: "(fix): read the resource indicator from ..."

Comment thread src/routes/(public)/oauth2/consent/+page.svelte Outdated
@ChiragAgg5k ChiragAgg5k merged commit bb4df7c into main Jun 23, 2026
4 checks passed
@ChiragAgg5k ChiragAgg5k deleted the feat-oauth2-consent-collapsible-scopes branch June 23, 2026 11:08
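
An added sketch (not the project's groupConsentScopes(), whose source is not shown on this page) of the resource-prefix bucketing described in the PR, with a check that the grouped view still accounts for every distinct requested scope, since approval issues the token with all of them. The function names, types and the `unrecognized` bucket are assumptions; the sample request is constructed.

```typescript
// Added sketch, not the project's groupConsentScopes(); names and types are assumptions.
type ScopeGroup = { resource: string; actions: string[] };
type GroupedScopes = {
    admin: boolean;         // account.admin requested (always-visible row)
    identity: string[];     // OIDC identity scopes (always-visible rows)
    groups: ScopeGroup[];   // granular scopes, bucketed by resource prefix
    unrecognized: string[]; // assumption: scopes without a resource.action shape are shown, not dropped
};

const IDENTITY = new Set(['openid', 'profile', 'email']);

function groupScopesSketch(requested: string[]): GroupedScopes {
    const out: GroupedScopes = { admin: false, identity: [], groups: [], unrecognized: [] };
    const buckets = new Map<string, string[]>();
    const seen = new Set<string>();
    for (const raw of requested) {
        const scope = raw.trim();
        if (scope === '' || seen.has(scope)) continue; // duplicates add no rows or tags
        seen.add(scope);
        if (scope === 'account.admin') { out.admin = true; continue; }
        if (IDENTITY.has(scope)) { out.identity.push(scope); continue; }
        // The action is the last dot segment and everything before it is the resource,
        // so backups.policies.read becomes resource "backups.policies", action "read".
        const dot = scope.lastIndexOf('.');
        if (dot <= 0 || dot === scope.length - 1) { out.unrecognized.push(scope); continue; }
        const resource = scope.slice(0, dot);
        const actions = buckets.get(resource) ?? [];
        actions.push(scope.slice(dot + 1));
        buckets.set(resource, actions);
    }
    buckets.forEach((actions, resource) => out.groups.push({ resource, actions }));
    return out;
}

// Number of scopes the screen represents; it must equal the number of distinct scopes requested.
function displayedCount(g: GroupedScopes): number {
    const granular = g.groups.reduce((n, grp) => n + grp.actions.length, 0);
    return (g.admin ? 1 : 0) + g.identity.length + granular + g.unrecognized.length;
}

// Constructed request for illustration (scope names taken from the PR text, plus one malformed entry).
const sample = ['openid', 'account.admin', 'teams.read', 'teams.write', 'teams.read',
    'project.read', 'backups.policies.read', 'bogus'];
const grouped = groupScopesSketch(sample);
```

Comparing `displayedCount(grouped)` with the number of distinct requested scopes is a cheap regression test that a collapsed accordion never under-reports what the user is approving.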