Dynamically changing scopes leads to old scopes being still active #119

Open
Compufreak345 opened this issue Jan 14, 2016 · 4 comments

@Compufreak345

I am trying to set the scopes by checkboxes, so my code looks like this:

```html
<div class="vertical layout">
    <div>
        <paper-checkbox checked="{{syncContacts}}">Sync contacts</paper-checkbox>
    </div>
    <div>
        <paper-checkbox checked="{{syncCalendar}}">Sync calendar</paper-checkbox>
    </div>
    <google-signin scopes="[[_getScopes(syncContacts,syncCalendar)]]"></google-signin>
</div>
```

```js
// Build the space-separated scope string from the two checkbox states.
_getScopes: function(syncContacts, syncCalendar) {
    var s = "";
    if (syncContacts) s += "https://www.googleapis.com/auth/contacts.readonly ";
    if (syncCalendar) s += "https://www.googleapis.com/auth/calendar.readonly";
    return s;
}
```

It works when I am checking the boxes initially, but it is always keeping the scopes that were checked once, because of line 678 in google-signin-aware.html adding new scopes but not removing old ones:

```js
_scopesChanged: function(newVal, oldVal) {
    AuthEngine.requestScopes(newVal);
    this._updateScopeStatus();
}
```

The comment on the requestScopes says /** request additional scopes */ so it actually does not remove older scopes.
I am not into AuthEngine so I don't know if there is any method for resetting the scopes, but I think something like this is needed there.

@atotic
Contributor

atotic commented Jan 14, 2016

There is no way to do it. This was a conscious design decision. Google's signin library gapi.auth2 only supports revoking all scopes, and no partials. So our architecture does not support dropping scopes:

  • <google-signin> keeps a global registry of requested scopes, and does not keep count of how many times a scope has been registered.
  • When signinAware drops a scope, we can't remove it, because it could have been registered multiple times.

The only time when partial revoke would be useful is before permissions were granted. As a workaround, you can delay creating the signin-aware elements until the user clicks on the signin button.
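
The registry behaviour described in the comment above, as an added JavaScript sketch that is not part of the thread and is not code from google-signin or gapi.auth2. `AddOnlyRegistry` models the add-only behaviour; the hypothetical `CountedRegistry` shows the reference counting that dropping a scope before consent would need, and how to spot scopes that stay granted afterwards. All class, method and function names are assumptions.

```javascript
// Added illustration: a constructed model, not code from google-signin or gapi.auth2.
const CONTACTS = 'https://www.googleapis.com/auth/contacts.readonly';
const CALENDAR = 'https://www.googleapis.com/auth/calendar.readonly';

// Split a space-separated scope string, ignoring empty entries.
const parseScopes = (s) => (s || '').split(/\s+/).filter(Boolean);

// Add-only registry, as described in the thread: scopes are never removed.
class AddOnlyRegistry {
  constructor() { this.scopes = new Set(); }
  scopesChanged(newVal, _oldVal) {
    parseScopes(newVal).forEach((s) => this.scopes.add(s));
  }
  toRequest() { return [...this.scopes].sort(); }
}

// Hypothetical reference-counted registry: each observer call releases the
// old value and registers the new one, so unchecked scopes drop out.
class CountedRegistry {
  constructor() { this.counts = new Map(); this.granted = new Set(); }
  scopesChanged(newVal, oldVal) {
    for (const s of parseScopes(oldVal)) {
      const n = (this.counts.get(s) || 0) - 1;
      if (n > 0) this.counts.set(s, n); else this.counts.delete(s);
    }
    for (const s of parseScopes(newVal)) {
      this.counts.set(s, (this.counts.get(s) || 0) + 1);
    }
  }
  toRequest() { return [...this.counts.keys()].sort(); }
  // Simulates the user consenting to whatever is registered at click time.
  signIn() { this.toRequest().forEach((s) => this.granted.add(s)); }
  // Granted scopes nothing asks for any more. Without partial revocation,
  // clearing these means revoking everything and asking for consent again.
  overGranted() {
    return [...this.granted].filter((s) => !this.counts.has(s)).sort();
  }
}

// The checkbox sequence from the issue: both ticked, then calendar unticked.
function replay(registry) {
  registry.scopesChanged(`${CONTACTS} ${CALENDAR}`, '');
  registry.scopesChanged(`${CONTACTS} `, `${CONTACTS} ${CALENDAR}`);
  return registry;
}
```

Calling `signIn()` only after the checkboxes have settled corresponds to the workaround of delaying the request until the user clicks the button; a non-empty `overGranted()` marks the case where only a full revoke would restore least privilege.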

@Compufreak345
Author

Thanks for the response, but if this is the case I have another problem that might be caused by this behavior:
Even if I leave the scopes-property empty it requests the scopes openid, profile and email and I am not able to do something against it - what can I do to prevent this behavior?

@atotic
Contributor

atotic commented Jan 15, 2016

Again, that is gapi.auth2 behavior.

@Compufreak345
Author

Thanks for the explanation - as this behavior is optional I made #120 - it would be great if this option could be added.
