Set include_granted_scopes=true in the auth request (#70)

* Use include_granted_scopes=true in the auth request. * Clean up spacing. * Use parameter constants. * Check that include_granted_scopes is set.
google · Nov 16, 2021 · 742ae38 · 742ae38
1 parent 3129aaf
commit 742ae38
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 3 deletions.
diff --git a/GoogleSignIn/Sources/GIDSignIn.m b/GoogleSignIn/Sources/GIDSignIn.m
@@ -116,10 +116,13 @@
 // The delay before the new sign-in flow can be presented after the existing one is cancelled.
 static const NSTimeInterval kPresentationDelayAfterCancel = 1.0;
 
-// Extra parameters for the token exchange endpoint.
+// Parameters for the auth and token exchange endpoints.
 static NSString *const kAudienceParameter = @"audience";
 // See b/11669751 .
 static NSString *const kOpenIDRealmParameter = @"openid.realm";
+static NSString *const kIncludeGrantedScopesParameter = @"include_granted_scopes";
+static NSString *const kLoginHintParameter = @"login_hint";
+static NSString *const kHostedDomainParameter = @"hd";
 
 // Minimum time to expiration for a restored access token.
 static const NSTimeInterval kMinimumRestoredAccessTokenTimeToExpire = 600.0;
@@ -431,20 +434,23 @@ - (void)authenticateInteractivelyWithOptions:(GIDSignInInternalOptions *)options
                                              [schemes clientIdentifierScheme],
                                              kBrowserCallbackPath]];
   NSString *emmSupport = [[self class] isOperatingSystemAtLeast9] ? kEMMVersion : nil;
+
   NSMutableDictionary<NSString *, NSString *> *additionalParameters = [@{} mutableCopy];
+  additionalParameters[kIncludeGrantedScopesParameter] = @"true";
   if (options.configuration.serverClientID) {
     additionalParameters[kAudienceParameter] = options.configuration.serverClientID;
   }
   if (options.loginHint) {
-    additionalParameters[@"login_hint"] = options.loginHint;
+    additionalParameters[kLoginHintParameter] = options.loginHint;
   }
   if (options.configuration.hostedDomain) {
-    additionalParameters[@"hd"] = options.configuration.hostedDomain;
+    additionalParameters[kHostedDomainParameter] = options.configuration.hostedDomain;
   }
   [additionalParameters addEntriesFromDictionary:
       [GIDAuthentication parametersWithParameters:options.extraParams
                                        emmSupport:emmSupport
                            isPasscodeInfoRequired:NO]];
+
   OIDAuthorizationRequest *request =
       [[OIDAuthorizationRequest alloc] initWithConfiguration:_appAuthConfiguration
                                                     clientId:options.configuration.clientID

diff --git a/GoogleSignIn/Tests/Unit/GIDSignInTest.m b/GoogleSignIn/Tests/Unit/GIDSignInTest.m
@@ -1030,6 +1030,8 @@ - (void)OAuthLoginWithOptions:(GIDSignInInternalOptions *)options
     [_authState verify];
 
     XCTAssertNotNil(_savedAuthorizationRequest);
+    NSDictionary<NSString *, NSObject *> *params = _savedAuthorizationRequest.additionalParameters;
+    XCTAssertEqualObjects(params[@"include_granted_scopes"], @"true");
     XCTAssertNotNil(_savedAuthorizationCallback);
     XCTAssertEqual(_savedPresentingViewController, _presentingViewController);