Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add support for enable_granular_consent option #455

Merged
merged 1 commit into from
Mar 29, 2024
Merged

Add support for enable_granular_consent option #455

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
2 changes: 2 additions & 0 deletions README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -83,6 +83,8 @@ You can configure several options, which you pass in to the `provider` method vi

* `include_granted_scopes`: If this is provided with the value true, and the authorization request is granted, the authorization will include any previous authorizations granted to this user/application combination for other scopes. See Google's [Incremental Authorization](https://developers.google.com/accounts/docs/OAuth2WebServer#incrementalAuth) for additional details.

* `enable_granular_consent`: If this is provided with the value true, users can choose to only grant access to specific data. See Google's [How to handle granular permissions](https://developers.google.com/identity/protocols/oauth2/resources/granular-permissions) guide for additional details.

* `openid_realm`: Set the OpenID realm value, to allow upgrading from OpenID based authentication to OAuth 2 based authentication. When this is set correctly an `openid_id` value will be set in `['extra']['id_info']` in the authentication hash with the value of the user's OpenID ID URL.

* `provider_ignores_state`: You will need to set this to `true` when using the `One-time Code Flow` below. In this flow there is no server side redirect that would set the state.
Expand Down
2 changes: 1 addition & 1 deletion lib/omniauth/strategies/google_oauth2.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,7 @@ class GoogleOauth2 < OmniAuth::Strategies::OAuth2
DEFAULT_SCOPE = 'email,profile'
USER_INFO_URL = 'https://www.googleapis.com/oauth2/v3/userinfo'
IMAGE_SIZE_REGEXP = /(s\d+(-c)?)|(w\d+-h\d+(-c)?)|(w\d+(-c)?)|(h\d+(-c)?)|c/
AUTHORIZE_OPTIONS = %i[access_type hd login_hint prompt request_visible_actions scope state redirect_uri include_granted_scopes openid_realm device_id device_name]
AUTHORIZE_OPTIONS = %i[access_type hd login_hint prompt request_visible_actions scope state redirect_uri include_granted_scopes enable_granular_consent openid_realm device_id device_name]

option :name, 'google_oauth2'
option :skip_friends, true
Expand Down
11 changes: 11 additions & 0 deletions spec/omniauth/strategies/google_oauth2_spec.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -176,6 +176,17 @@
end
end

describe 'enable_granular_consent' do
it 'should default to nil' do
expect(subject.authorize_params['enable_granular_consent']).to eq(nil)
end

it 'should set the enable_granular_consent parameter if present' do
@options = { enable_granular_consent: 'true' }
expect(subject.authorize_params['enable_granular_consent']).to eq('true')
end
end

describe 'scope' do
it 'should expand scope shortcuts' do
@options = { scope: 'calendar' }
Expand Down