-
Notifications
You must be signed in to change notification settings - Fork 350
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Customize defaultScope used by auth0Client #389
Conversation
Thanks for this @srihari93. We will need additional tests that cover the other entry points into the SDK that deal with default scopes. I see you've provided a test for
These all process default scopes, either by calling |
I think we also want to force |
@srihari93 As mentioned above, we would need additional tests written plus we need to enforce This could be done in the constructor here, for example. this.defaultScope = getUniqueScopes(`openid
${
this.options.advancedOptions &&
this.options.advancedOptions.defaultScope
? this.options.advancedOptions.defaultScope
: DEFAULT_SCOPE
}`); Let me know if you'd be able to make these changes, or whether you're happy for me to make them on your behalf. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Requires changes as mentioned in the comments above. We would like to include this in an up-coming release; let me know if we can make these changes for you.
@stevehobbsdev Sorry, for being sparse with my communication. If you can make the changes, please go ahead. I had to deprioritize this among my other tasks, so I would appreciate if you can take the feature ahead yourself. |
Will do, thanks @srihari93 |
If you need an extra pair of hands to get this into the next release, I'd happily make the changes mentioned above @stevehobbsdev |
Thanks @conorcussell. They're already in progress, I just need to push what I have (hopefully tomorrow). Feel free to chime in on a review once they're there 👍 |
I could not push changes to this PR, so I have now opened #435 to implement this. |
Description
The library includes
'openid profile email'
as defaultScope and there is no way for devs to exclude these scopes. Some of our users have lot of unnecessary information inprofile
and their JWT tokens too big to fit in theAuthorization
header. We would like to have the flexibility to exclude some scopes, as we have with the auth0-lock.js.The maintainers suggested that a
advancedScope.defaultScope
can be used to control defaultScope for cases like us but, keep the default behaviour for other devs. This is an acceptable solution to us and this PR implements the suggestion.The Docs should be changed to add this info.
References
Testing
A simple test is added, please see if thats enough https://github.com/srihari93/auth0-spa-js/blob/a2fc948757362de2bdb3d05f661cd6304fbaacc5/__tests__/index.test.ts#L187-L203
Checklist
master