Scope Awareness
OAuthTokenService::getAccessToken($userId, $providerId) returns a valid
access token, refreshing transparently if expired. For incremental consent,
callers need to know whether the stored token covers a required set of scopes
before making an API call.
Needed Functionality
- A method like hasScopes(string $userId, string $providerId, string ...$scopes): bool
that compares the requested scopes against TokenSet::$scope. Probably a WantedScopes object is the better approach?
- A return type that lets the caller distinguish "token exists but
lacks scopes" from "no token at all", so the UI can show "Connect" vs
"Grant additional access".
Implementation Details
TokenSet::$scope is a space-separated string (per RFC 6749). Comparison
is a simple explode + set-contains check.
DefaultOAuthTokenService in base implements the interface. We need to add the check
there.
- Not all providers return scope in token responses. When $scope is null,
hasScopes() should return true (assume all requested scopes were
granted; the provider didn't restrict). To avoid complex if-then-else flows we should probably not implement fallback magic but a choice-of-strategies pattern.
- We should prefer objects over tuples and variadics; they make for terrible DX.
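Sketch of the core check the service would run after loading the TokenSet, as an added example rather than code from the project: a result object that separates "no token" from "token lacks scopes", and a pluggable strategy for the null-scope case instead of an inline fallback. ScopeCheck, NullScopeStrategy, checkScopes() and the sample scope strings are assumptions, not existing names.

```php
<?php
declare(strict_types=1);

// Constructed example: a scope-check result that separates "no token" from
// "token lacks scopes". ScopeCheck and the strategy names are assumptions.
final class ScopeCheck
{
    public const NO_TOKEN = 'no_token';
    public const MISSING = 'missing_scopes';
    public const OK = 'ok';

    /** @param string[] $missing */
    public function __construct(public readonly string $status, public readonly array $missing = []) {}

    public function granted(): bool { return $this->status === self::OK; }
}

// Strategy for tokens whose provider returned no scope field; RFC 6749
// lets the server omit it when the granted scope equals the requested one.
interface NullScopeStrategy { public function assume(array $wanted): ScopeCheck; }

final class AssumeGranted implements NullScopeStrategy {
    public function assume(array $wanted): ScopeCheck { return new ScopeCheck(ScopeCheck::OK); }
}
final class AssumeDenied implements NullScopeStrategy {
    public function assume(array $wanted): ScopeCheck { return new ScopeCheck(ScopeCheck::MISSING, $wanted); }
}

/**
 * Compare wanted scopes against a stored token's space-separated scope string.
 * $tokenScope is TokenSet::$scope (null when the provider omitted it);
 * $tokenExists is false when nothing is stored for the user/provider pair.
 * @param string[] $wanted
 */
function checkScopes(bool $tokenExists, ?string $tokenScope, array $wanted, NullScopeStrategy $onNull): ScopeCheck
{
    if (!$tokenExists) {
        return new ScopeCheck(ScopeCheck::NO_TOKEN, $wanted);
    }
    if ($tokenScope === null) {
        return $onNull->assume($wanted);
    }
    // RFC 6749 section 3.3: scope tokens are space-delimited; tolerate extra whitespace.
    $granted = array_flip(preg_split('/\s+/', trim($tokenScope), -1, PREG_SPLIT_NO_EMPTY));
    $missing = array_values(array_filter($wanted, fn(string $s) => !isset($granted[$s])));
    return $missing === [] ? new ScopeCheck(ScopeCheck::OK) : new ScopeCheck(ScopeCheck::MISSING, $missing);
}

// Drives the "Connect" (NO_TOKEN) vs "Grant additional access" (MISSING) UI decision.
$result = checkScopes(true, 'openid email', ['openid', 'calendar.read'], new AssumeGranted());
```

Swapping AssumeGranted for AssumeDenied changes only the null-scope policy; the comparison and the result type stay the same, which is the point of choosing a strategy over an inline fallback.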