include links to openid documentation for offline access scope

Author: jsourcebot

docs/docs/features/ask/connectors.mdx

@@ -83,7 +83,8 @@ Changing connector scopes requires all users to re-authenticate with that connec
 </Warning>
 
 <Note>
-`offline_access` is pre-selected when you add a connector that offers it because token refresh requires it. You can untick it to opt out of refresh tokens, but users will need to re-authenticate every time their access token expires. Some connectors (such as Atlassian) reject authorization entirely without it.
+`offline_access` is pre-selected when you add a connector that offers it because token refresh requires it. You can deselect it to opt out of refresh tokens, but users will need to re-authenticate every time their access token expires. Some connectors, such as Atlassian, reject authorization entirely without it.
+For more information, see the [OpenID Connect `offline_access` documentation](https://openid.net/specs/openid-connect-core-1_0.html#OfflineAccess).
 </Note>
 
 ## Tool Permissions
@@ -127,4 +128,3 @@ You can see all available connectors on this page. After you connect one, you ca
   </Frame>
 </div>
 
-

packages/web/src/ee/features/chat/mcp/oauthScopeUtils.ts

@@ -6,6 +6,7 @@ export const OAUTH_SCOPE_TOKEN_REGEX = /^[\x21\x23-\x5B\x5D-\x7E]+$/;
 // Atlassian only honour that grant when this scope is included in the authorization request,
 // so the admin UI pre-selects it whenever the connector advertises it. Admins can still
 // untick it to opt out of refresh tokens.
+// See https://openid.net/specs/openid-connect-core-1_0.html#OfflineAccess
 export const OFFLINE_ACCESS_SCOPE = 'offline_access';
 
 export function normalizeMcpRequestedOAuthScopes(oauthScopes: string[]): string[] {