Present authorized scopes to user, post-auth #63

jamietanna · 2021-02-28T21:23:26Z

Previously, the scopes that were presented to the user (alongside their
me) were the scopes that Micropublish requested, rather than the
scopes returned by the authorization server.

We should make sure we present those that were actually returned by the
token endpoint.

To match the intent, we should update our methods to note that they also
return the scope, and make sure we update our session object with it.

Previously, the scopes that were presented to the user (alongside their `me`) were the scopes that Micropublish requested, rather than the scopes returned by the authorization server. We should make sure we present those that were actually returned by the token endpoint. To match the intent, we should update our methods to note that they also return the `scope`, and make sure we update our session object with it.

barryf · 2021-03-01T17:01:43Z

This looks great! 🙌 I'll check it out later but should be good to merge.

jamietanna changed the title ~~Present authorized scopes to user, psot-auth~~ Present authorized scopes to user, post-auth Feb 28, 2021

jamietanna force-pushed the defect/scope branch from cbba98f to 7a740f4 Compare February 28, 2021 21:23

barryf temporarily deployed to mpubl-pr-63 March 1, 2021 19:49 Inactive

barryf merged commit 333f6ca into barryf:master Mar 1, 2021

Present authorized scopes to user, post-auth #63

Present authorized scopes to user, post-auth #63

jamietanna commented Feb 28, 2021

barryf commented Mar 1, 2021

Present authorized scopes to user, post-auth #63

Present authorized scopes to user, post-auth #63

Conversation

jamietanna commented Feb 28, 2021

barryf commented Mar 1, 2021