fix(oauth): drop ungrantable JSM Forms scopes from Jira scope list (#4960)

* fix(oauth): drop ungrantable JSM Forms scopes from Jira scope list

Atlassian never published read/write/delete:form:jira-service-management to
the OAuth 2.0 (3LO) or Forge scope catalogs, so no OAuth app can be configured
with them and the authorize flow silently omits them from every grant. Because
the credential check hard-requires the full canonical list, every Jira
credential showed a permanent 'Additional permissions required' banner that
'Update access' could never clear. No granted credential has ever held these
scopes, and no saved workflow uses the JSM forms operations, so removal
changes no working behavior.

* fix(secrets): keep a fixed-length value mask for read-only viewers

The viewer mask was derived from the value's length, but the server now
withholds workspace secret values from non-admins (empty string), so the
bullets disappeared entirely for read-only users. Always render a
fixed-length mask for viewers — matching the component's documented
behavior — which also stops leaking the secret's length.

Author: waleedlatif1

apps/sim/app/workspace/[workspaceId]/settings/components/secrets/components/secret-value-field/secret-value-field.tsx

@@ -6,6 +6,13 @@ import { ChipInput } from '@/components/emcn'
 
 const BULLET = '\u2022'
 
+/**
+ * Viewers always see this many bullets regardless of the real value, which the
+ * server withholds (empty string) for non-admins. A fixed length also avoids
+ * leaking the secret's length.
+ */
+const VIEWER_MASK_LENGTH = 10
+
 type SecretValueFieldProps = Omit<
   ComponentProps<'input'>,
   'type' | 'value' | 'onChange' | 'readOnly'
@@ -50,7 +57,7 @@ export function SecretValueField({
   const [focused, setFocused] = useState(false)
   const editable = canEdit && !readOnly
   const maskActive = canEdit && !unmasked && !focused
-  const displayValue = canEdit ? value : value ? BULLET.repeat(value.length) : ''
+  const displayValue = canEdit ? value : BULLET.repeat(VIEWER_MASK_LENGTH)
 
   const mergedStyle: CSSProperties | undefined = maskActive
     ? ({ ...style, WebkitTextSecurity: 'disc' } as CSSProperties)

apps/sim/lib/oauth/oauth.ts

@@ -541,9 +541,6 @@ export const OAUTH_PROVIDERS: Record<string, OAuthProviderConfig> = {
           'write:request.participant:jira-service-management',
           'read:request.approval:jira-service-management',
           'write:request.approval:jira-service-management',
-          'read:form:jira-service-management',
-          'write:form:jira-service-management',
-          'delete:form:jira-service-management',
         ],
       },
     },

apps/sim/lib/oauth/utils.ts

@@ -201,9 +201,6 @@ export const SCOPE_DESCRIPTIONS: Record<string, string> = {
     'Add and remove participants from customer requests',
   'read:request.approval:jira-service-management': 'View approvals on customer requests',
   'write:request.approval:jira-service-management': 'Approve or decline customer requests',
-  'read:form:jira-service-management': 'View JSM forms and templates',
-  'write:form:jira-service-management': 'Attach, save, and submit JSM forms',
-  'delete:form:jira-service-management': 'Delete JSM forms',
 
   // Microsoft scopes
   'User.Read': 'Read Microsoft user',