Add OAuth scopes for extended user data #14279

Closed
alrocar opened this issue Sep 12, 2018 · 6 comments

alrocar commented Sep 12, 2018

Some applications are gonna need to read some public user data to personalize the UI. For instance:

  • The user avatar
  • The actual user name and last name.
  • etc.

Same for organization data:

  • Who is the owner
  • Who are admins
  • etc.
@alrocar alrocar self-assigned this Sep 12, 2018

alrocar commented Sep 12, 2018

Taking a look at what other OAuth providers do:

  • Most of them distinguish between user public profile (avatar, name, job, etc.) and user contact details (email, phone, etc.)
  • In some cases there are read and write permissions.
  • Some services provide the user public profile as the default scope.

Proposal for our scopes:

  • user:profile:read -> Read access to: avatar_url, name, last_name

  • org:profile:read -> Read access to: display_name, description, owner

  • Eventually we could have user:profile:write and org:profile:write scopes.

Thoughts? @javitonino
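
The scopes proposed above, expressed as a deny-by-default field allow-list. This is an added example, not part of the original comment or the project's code; the function names, the sample records and the choice to reject unknown scopes are assumptions.

```python
# Scope -> (resource, readable fields), copied from the proposal above.
SCOPE_FIELDS = {
    "user:profile:read": ("user", frozenset({"avatar_url", "name", "last_name"})),
    "org:profile:read": ("org", frozenset({"display_name", "description", "owner"})),
}


class UnknownScopeError(ValueError):
    """A token carries a scope this server does not define."""


def parse_scopes(scope_param):
    """Split a space-delimited OAuth scope string (RFC 6749, section 3.3)."""
    scopes = set(scope_param.split())
    unknown = scopes.difference(SCOPE_FIELDS)
    if unknown:
        # Assumption: reject rather than ignore, so a typo or a not-yet-defined
        # scope (e.g. a future write scope) never grants anything by accident.
        raise UnknownScopeError(", ".join(sorted(unknown)))
    return scopes


def filter_record(record, granted, resource):
    """Return only the fields of `record` that the granted scopes expose."""
    allowed = set()
    for scope in granted:
        scope_resource, fields = SCOPE_FIELDS[scope]
        if scope_resource == resource:
            allowed |= fields
    # Anything not explicitly listed (email, API keys, admins) is dropped.
    return {key: value for key, value in record.items() if key in allowed}


# Constructed sample records (hypothetical values, not real data).
SAMPLE_USER = {
    "name": "Ada", "last_name": "Example", "avatar_url": "https://example.com/a.png",
    "email": "ada@example.com", "api_key": "constructed-placeholder",
}
SAMPLE_ORG = {
    "display_name": "Example Org", "description": "Constructed org",
    "owner": "ada", "admins": ["ada", "bob"],
}

if __name__ == "__main__":
    granted = parse_scopes("user:profile:read")
    print(filter_record(SAMPLE_USER, granted, "user"))  # profile fields only
    print(filter_record(SAMPLE_ORG, granted, "org"))    # no org scope granted
```

Under the field lists as proposed, `admins` is not readable through `org:profile:read` and contact details such as `email` are not readable through `user:profile:read`.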

@javitonino

How would you add the "contact details" permission to that?


alrocar commented Sep 12, 2018

I assume it would be a different scope, user:contact_details:read or something like that.

@javitonino

8 scopes for this: (user/org, profile/contact, read/write) is maybe a bit too much :D Some ideas, not sure if they make sense (writing as I think):

  • Merge user:profile with org:profile. It's probably better to merge them so the same scope works for orgs and plan users
  • Have a single user:write that modifies the profile and other parameters. We'll probably never implement this though, it's quite dangerous... 🤔 Maybe we can avoid the read part of the scope for now?

Also, where would something like job profile fit? It's not really part of the public profile, but not contact details. But yeah, maybe we can have user:private_info or something like that...


alrocar commented Sep 12, 2018

Personally I think the fewer scopes the better... so yep having a user:profile for the user info aforementioned above could work.


alrocar commented Sep 18, 2018

Closing this as we have added the required scope to unblock other related issues.

At some point we'll probably need to add new scopes, but at the moment I think it's fine to open new issues as it's required for other apps.

@alrocar alrocar closed this as completed Sep 18, 2018