Add all declared scopes is auth.oauth2.scopes discovery file section

[clementdenis]

Currently, only the email scope is asked by the API explorer, because other scopes declared by APIs and API methods are not aggregated in the discovery file.
This brings Cloud Endpoints on par with the behavior of Google own APIs.

[codecov-io]

Codecov Report

Merging #92 into master will increase coverage by 0.06%.
The diff coverage is 93.93%.

@@             Coverage Diff              @@
##             master      #92      +/-   ##
============================================
+ Coverage     80.02%   80.09%   +0.06%     
- Complexity     1681     1689       +8     
============================================
  Files           156      157       +1     
  Lines          5597     5626      +29     
  Branches        731      732       +1     
============================================
+ Hits           4479     4506      +27     
- Misses          838      841       +3     
+ Partials        280      279       -1

Impacted Files	Coverage Δ	Complexity Δ
...e/api/server/spi/discovery/DiscoveryGenerator.java	88.84% <100%> (+0.44%)	63 <0> (+1)	⬆️
...i/server/spi/config/model/AuthScopeRepository.java	90% <90%> (ø)	7 <7> (?)
...ig/annotationreader/ApiAnnotationIntrospector.java	91.42% <0%> (-1.43%)	29% <0%> (-1%)
.../server/spi/discovery/CommonPathPrefixBuilder.java	100% <0%> (+5.55%)	9% <0%> (+1%)	⬆️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update b16ce3f...d21d9cd. Read the comment docs.

[tangiel]

Apologies for the slow review.

[tangiel]

Is this file generated or hand written? Might be a hassle to keep up to date.

[clementdenis]

Keys and values were extracted separately using the xpath expressions below, and merged in a spreadsheet.
Then some transformations were performed to deduplicate, sort the entries and add comments.

All of this could be easily automated, but I was hoping you had an "official" list of scope descriptions at Google.
This would be much better than scrapping a web page. Do you know if something like that exists?

[clementdenis]

Hi @tangiel ,
Could you have another look at this one?
I added AuthScopeDescriptions to fetch up-to-date scopes automatically (updating scopeDescriptions.properties is still manual though).

[tangiel]

Presumably this doesn't work when multiple scopes are required? What would happen if the scope expression is "email profile" for example?

[clementdenis]

Indeed, but is this how the @Api*.scopes field is supposed to be used?
It is a String array, so I assumed each scope must be declared independently.
i.e. @apimethod(scopes = {"email", "profile"}) rather than @apimethod(scopes = {"email profile"})

[tangiel]

This probably needs to be documented better, but the comma separation is a logical OR for scopes. To require multiple scopes simultaneously you are supposed to use one string with space separation.

[clementdenis]

I extracted the logic for scope description handling to its own class, should be clearer.

[tangiel]

I don't know if you saw my comment since it was in an outdated comment, but: This probably needs to be documented better, but the comma separation is a logical OR for scopes. To require multiple scopes simultaneously you are supposed to use one string with space separation.

[clementdenis]

I just updated the PR to handle scope conjunction expressions properly.

And I learned something about scope expressions :-)

[tangiel]

Thanks @clementdenis, sorry it took so long to review.