:config => scope misparsed #8

Closed
saizai opened this Issue Nov 29, 2011 · 2 comments

Comments

Projects
None yet
2 participants

saizai commented Nov 29, 2011

Under Devise / OmniAuth, the following line:

config.omniauth :google_oauth2, KEY, SECRET, :scope => "userinfo.email,userinfo.profile"

… results in the following error from Google:

  OAuth 2.0 error: invalid_scope

  Some requested scopes were invalid. {valid=[https://www.googleapis.com/auth/userinfo.email], invalid=[userinfo.email,userinfo.profile]}

  OAuth2 Request Details
  response_type=code
  [redacted]
  access_type=offline
  scope=https://www.googleapis.com/auth/userinfo.email userinfo.email,userinfo.profile

It seems like the scope parsing code isn't being hit, because leaving off the :scope parameter works fine.

Owner

zquestz commented Nov 29, 2011

Very strange, in the example code I can't replicate this. Here's the snippet I am using to test.

use OmniAuth::Builder do
  provider :google_oauth2, ENV['GOOGLE_KEY'], ENV['GOOGLE_SECRET'], { :scope => 'userinfo.email,userinfo.profile'
  }
end

I can also confirm it works in my Rails applications without devise. Perhaps devise is doing something behind the scenes it shouldn't do? For now it seems the solution is to just use space delimited full urls in the scope parameter. That would at least bypass the issue until we can determine the root cause.

Lastly there are tests around the scoping code, if you can provide a failing spec that would be fantastic.

Also the scope that ended up being generated was extremely odd, seems it only appended the scope you defined to a string that doesn't appear in the lib...

Owner

zquestz commented Dec 24, 2011

Any status? Giving this a week then closing.

@zquestz zquestz closed this Jan 6, 2012

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment