
Begin cleaning up OAuth scope handling

Authored by epriestley <git@epriestley.com> on Apr 3 2016, 17:25.

Description

Begin cleaning up OAuth scope handling

Summary:
Ref T7303. OAuth scope handling never got fully modernized and is a bit of a mess.

Also introduce implicit "ALWAYS" and "NEVER" scopes.

Always give tokens access to meta-methods like conduit.getcapabilities and conduit.query. These do not expose user information.

Test Plan:

  • Used a token to call user.whoami.
  • Used a token to call conduit.query.
  • Used a token to try to call user.query, got rebuffed.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T7303

Differential Revision: https://secure.phabricator.com/D15593
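
An added sketch of the scope gate the summary describes, not code from this commit or from Phabricator. The method table, the "whoami" scope name, treating user.query as "NEVER", and denying unlisted methods are all assumptions made for illustration.

```python
# Added illustration only: every name and the method table below are
# assumptions, not Phabricator's implementation.
SCOPE_ALWAYS = "ALWAYS"  # implicit scope: any valid token may call the method
SCOPE_NEVER = "NEVER"    # implicit scope: no OAuth token may call the method

# Scopes a client can really be granted (constructed sample).
GRANTABLE_SCOPES = frozenset({"whoami"})

# Constructed method-to-scope table mirroring the commit's test plan.
REQUIRED_SCOPE = {
    "conduit.getcapabilities": SCOPE_ALWAYS,  # meta-method, no user data
    "conduit.query": SCOPE_ALWAYS,            # meta-method, no user data
    "user.whoami": "whoami",
    "user.query": SCOPE_NEVER,
}


def sanitize_granted(requested):
    """Keep only grantable scopes, so a client cannot gain anything by
    asking for the implicit ALWAYS/NEVER names directly."""
    return frozenset(requested) & GRANTABLE_SCOPES


def token_may_call(method, granted):
    """Return True if a token holding `granted` scopes may call `method`.

    Deny by default: a method missing from the table is treated as NEVER.
    """
    required = REQUIRED_SCOPE.get(method, SCOPE_NEVER)
    if required == SCOPE_NEVER:
        return False
    if required == SCOPE_ALWAYS:
        return True
    return required in sanitize_granted(granted)


def run_test_plan(granted):
    """Replay the three calls from the test plan for one token."""
    calls = ("user.whoami", "conduit.query", "user.query")
    return {method: token_may_call(method, granted) for method in calls}


if __name__ == "__main__":
    for method, allowed in run_test_plan({"whoami"}).items():
        print(method, "allowed" if allowed else "rebuffed")
```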

Details

Committed
epriestley <git@epriestley.com>, Apr 4 2016, 18:11
Pushed
aubort, Jan 31 2017, 17:16
Parents
rPH694a8543d809: Modernize some OAuth Server code
Branches
Unknown
Tags
Unknown

Event Timeline

epriestley <git@epriestley.com> committed rPH60133b6fa5d5: Begin cleaning up OAuth scope handling (authored by epriestley <git@epriestley.com>). Apr 4 2016, 18:11