diff --git a/internal/configuration/validator/const.go b/internal/configuration/validator/const.go
index bfd6eead7..d97b64596 100644
--- a/internal/configuration/validator/const.go
+++ b/internal/configuration/validator/const.go
@@ -307,7 +307,7 @@ var validACLRulePolicies = []string{policyBypass, policyOneFactor, policyTwoFact
 
 var validDefault2FAMethods = []string{"totp", "webauthn", "mobile_push"}
 
-var validOIDCScopes = []string{oidc.ScopeOpenID, oidc.ScopeEmail, oidc.ScopeProfile, oidc.ScopeGroups, "offline_access"}
+var validOIDCScopes = []string{oidc.ScopeOpenID, oidc.ScopeEmail, oidc.ScopeProfile, oidc.ScopeGroups, oidc.ScopeOfflineAccess}
 var validOIDCGrantTypes = []string{"implicit", "refresh_token", "authorization_code", "password", "client_credentials"}
 var validOIDCResponseModes = []string{"form_post", "query", "fragment"}
 var validOIDCUserinfoAlgorithms = []string{"none", "RS256"}
diff --git a/internal/handlers/const.go b/internal/handlers/const.go
index 3eea1161a..a43fa75b9 100644
--- a/internal/handlers/const.go
+++ b/internal/handlers/const.go
@@ -28,10 +28,6 @@ var (
 	headerRemoteEmail     = []byte("Remote-Email")
 )
 
-var (
-	headerContentTypeValueTextPlain = []byte("text/plain; charset=utf-8")
-)
-
 const (
 	// Forbidden means the user is forbidden the access to a resource.
 	Forbidden authorizationMatching = iota
diff --git a/internal/handlers/response.go b/internal/handlers/response.go
index 0908a5a6f..4ff8a2276 100644
--- a/internal/handlers/response.go
+++ b/internal/handlers/response.go
@@ -250,7 +250,9 @@ func respondUnauthorized(ctx *middlewares.AutheliaCtx, message string) {
 // *fasthttp.RequestCtx or *middlewares.AutheliaCtx.
 func SetStatusCodeResponse(ctx *fasthttp.RequestCtx, statusCode int) {
 	ctx.Response.Reset()
-	ctx.SetContentTypeBytes(headerContentTypeValueTextPlain)
+
+	middlewares.SetContentTypeTextPlain(ctx)
+
 	ctx.SetStatusCode(statusCode)
 	ctx.SetBodyString(fmt.Sprintf("%d %s", statusCode, fasthttp.StatusMessage(statusCode)))
 }
diff --git a/internal/middlewares/util.go b/internal/middlewares/util.go
new file mode 100644
index 000000000..23f58f01a
--- /dev/null
+++ b/internal/middlewares/util.go
@@ -0,0 +1,15 @@
+package middlewares
+
+import (
+	"github.com/valyala/fasthttp"
+)
+
+// SetContentTypeApplicationJSON sets the Content-Type header to `application/json; charset=utf8`.
+func SetContentTypeApplicationJSON(ctx *fasthttp.RequestCtx) {
+	ctx.SetContentTypeBytes(contentTypeApplicationJSON)
+}
+
+// SetContentTypeTextPlain sets the Content-Type header to `text/plain; charset=utf8`.
+func SetContentTypeTextPlain(ctx *fasthttp.RequestCtx) {
+	ctx.SetContentTypeBytes(contentTypeTextPlain)
+}
diff --git a/internal/server/asset.go b/internal/server/asset.go
index 7f106e19a..4df0d4211 100644
--- a/internal/server/asset.go
+++ b/internal/server/asset.go
@@ -10,6 +10,7 @@ import (
 	"github.com/valyala/fasthttp"
 	"github.com/valyala/fasthttp/fasthttpadaptor"
 
+	"github.com/authelia/authelia/v4/internal/middlewares"
 	"github.com/authelia/authelia/v4/internal/utils"
 )
 
@@ -65,7 +66,8 @@ func newLocalesEmbeddedHandler() (handler fasthttp.RequestHandler) {
 			}
 		}
 
-		ctx.SetContentType("application/json")
+		middlewares.SetContentTypeApplicationJSON(ctx)
+
 		ctx.SetBody(data)
 	}
 }
diff --git a/internal/server/locales/en/portal.json b/internal/server/locales/en/portal.json
index ea306ef0e..4cce09100 100644
--- a/internal/server/locales/en/portal.json
+++ b/internal/server/locales/en/portal.json
@@ -5,6 +5,7 @@
 	"Access your profile information": "Access your profile information",
 	"An email has been sent to your address to complete the process": "An email has been sent to your address to complete the process.",
 	"Authenticated": "Authenticated",
+	"Automatically refresh these permissions without user interaction": "Automatically refresh these permissions without user interaction",
 	"Cancel": "Cancel",
 	"Client ID": "Client ID: {{client_id}}",
 	"Consent Request": "Consent Request",
diff --git a/web/src/views/LoginPortal/ConsentView/ConsentView.tsx b/web/src/views/LoginPortal/ConsentView/ConsentView.tsx
index a8fa246f6..83727e70e 100644
--- a/web/src/views/LoginPortal/ConsentView/ConsentView.tsx
+++ b/web/src/views/LoginPortal/ConsentView/ConsentView.tsx
@@ -1,6 +1,6 @@
 import React, { useEffect, Fragment, ReactNode, useState } from "react";
 
-import { AccountBox, CheckBox, Contacts, Drafts, Group } from "@mui/icons-material";
+import { AccountBox, Autorenew, CheckBox, Contacts, Drafts, Group } from "@mui/icons-material";
 import {
     Button,
     Grid,
@@ -33,6 +33,8 @@ function scopeNameToAvatar(id: string) {
     switch (id) {
         case "openid":
             return <AccountBox />;
+        case "offline_access":
+            return <Autorenew />;
         case "profile":
             return <Contacts />;
         case "groups":
@@ -85,6 +87,8 @@ const ConsentView = function (props: Props) {
         switch (id) {
             case "openid":
                 return translate("Use OpenID to verify your identity");
+            case "offline_access":
+                return translate("Automatically refresh these permissions without user interaction");
             case "profile":
                 return translate("Access your profile information");
             case "groups":