-
Notifications
You must be signed in to change notification settings - Fork 56
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Scope handling #90
Comments
It looks like there are now more scopes than the ones currently included in the package (https://developers.google.com/gmail/api/auth/scopes). Also it seems that 'full' scope is not simply equivalent to all the other scopes.
Which implies to me that those actions are not included in other scopes and can only be obtained by using 'full'. I think the current behavior is to default to readonly scope if the user does not specify one, am I correct in that? |
Current default is to get all 4 scopes: > get_token()
<Token (via gargle)>
<oauth_endpoint> google
<oauth_app> tidyverse
<email> jenny.f.bryan@...
<scopes> ...gmail.readonly, ...gmail.modify, ...gmail.compose, ...mail.google.com, email
<credentials> access_token, expires_in, id_token, refresh_token, token_type
(expires in 60 mins) Agree, |
I don't really remember my original intention, but I think this is actually a bug and my intention was to make read_only alone the default. But because it uses https://github.com/jimhester/gmailr/blob/c0d45d40deda7accc19de644a17d12ac39dbe70c/R/gmailr.R#L81-L83 I think we should probably change the default to simply |
Sounds good. I opened this issue in anticipation that, once the gargle dust settles, gmailr might get a maintenance pass and it would be good to rethink the scope handling. I'd be happy to pitch in btw. |
Yes, it definitely needs one and help would be great! |
When user specifies no scope, does it make more sense to select only
"full"
vs all scopes?In favor:
"full"
implies all the other scopes. Using all 4 scopes is redundant.Against: Once gargle starts to ask "does this token have the scope I need?" as opposed to "does this token have this exact set of scopes?", it is nice to have them all listed.
What if someone gets a token by explicitly asking for
"full"
? They have enough to scope to"compose"
but gargle can't detect that w/o using external knowledge of the API.The text was updated successfully, but these errors were encountered: