Output granted scopes in credentials block of the auth hash #420
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Envek
force-pushed
the
return-available-scopes
branch
from
fce344c
to
02ffbcf
Compare
|
Looks great, thanks for the contribution! |
|
Thank you for merging! It would be lovely if you release a new version with all the goodies accumulated since last release. |
|
Done. 1.0.1 is out. =) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Google recommends to use Incremental authorization and request scopes only when needed. And there is
include_granted_scopesoption to enable this mode. And it works nice!However, now it is hard to figure out whether user already has been granted required scopes or not yet, because there is no information about it in the auth hash. In this pull request I'm trying to solve this problem.
Luckily, there is API for that:
tokeninfoendpoint (howeverscopeisn't documented here, but documented in NodeJS API, I found info about it here and in my experiments it always return list of granted scopes even if token was acquired without usinginclude_granted_scopes). And more luckily, omniauth-google-oauth2 is already using it for token validation!So I added spec for
credentialssection of Auth hash (there wasn't one) and added outputscopethere as it is present intokeninfooutput.