fix(oauth): strip permissions that are not on the whitelist #2478

zaach · 2015-05-26T22:08:24Z

This pares down the scopes we receive from the relier so that we only grant the ones we currently prompt for.

coveralls · 2015-05-26T22:20:41Z

Changes Unknown when pulling a6a22c0 on strip-non-whitelisted-permissions into * on master*.

fix(oauth): strip permissions that are not on the whitelist r=vladikoff

jrgm · 2015-05-27T18:52:02Z

Yeah @zaach, on {accounts,oauth,profile,api-accounts}.stage.mozaws.net I'm still seeing POST /v1/authorization requesting "scope":"profile:uid profile:email profile:display_name"

fix(oauth): strip permissions that are not on the whitelist

a6a22c0

zaach added the waffle:needs review label May 26, 2015

vladikoff added a commit that referenced this pull request May 26, 2015

Merge pull request #2478 from mozilla/strip-non-whitelisted-permissions

1b740d3

fix(oauth): strip permissions that are not on the whitelist r=vladikoff

vladikoff removed the waffle:needs review label May 26, 2015

vladikoff deleted the strip-non-whitelisted-permissions branch May 26, 2015

zaach mentioned this pull request May 27, 2015

fix(oauth): sanitize scope of untrusted reliers #2484

Merged

mozilla / fxa-content-server Archived

fix(oauth): strip permissions that are not on the whitelist #2478

fix(oauth): strip permissions that are not on the whitelist #2478

zaach commented May 26, 2015

coveralls commented May 26, 2015

jrgm commented May 27, 2015

mozilla / fxa-content-server Archived

fix(oauth): strip permissions that are not on the whitelist #2478

fix(oauth): strip permissions that are not on the whitelist #2478

Conversation

zaach commented May 26, 2015

coveralls commented May 26, 2015

jrgm commented May 27, 2015