fix: give the token all available scopes for user

security.py

@@ -143,7 +143,7 @@ async def login_for_access_token(
     allowed_scopes = set(user.scopes.split())
     requested_scopes = set(form_data.scopes)
     access_token = create_access_token(
-        data={"sub": user.username, "scopes": list(allowed_scopes & requested_scopes)},
+        data={"sub": user.username, "scopes": list(allowed_scopes)},
         expires_delta=access_token_expires,
     )
     response.set_cookie(