Homec4science

OAuthServer - default "whoami" scope and refine scope-asking workflow

Authored by Bob Trahan <btrahan@phacility.com> on Feb 7 2015, 00:32.

Description

OAuthServer - default "whoami" scope and refine scope-asking workflow

Summary: Ref T7153. The "whoami" scope should be default and always on, because otherwise we can't do anything at all. Also, if a client doesn't want a certain scope, don't bother asking the user for it. To get there, had to add "scope" to the definition of a client.

Test Plan: applied the patch to a phabricator "client" and a phabricator "server" as far as oauth shenanigans go. Then I tried to login / register with oauth. If the "client" was configured to ask for "always on" access I got that in the dialogue, and otherwise no additional scope questions were present. Verified scope was properly granted in either case.

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin, epriestley

Maniphest Tasks: T7153

Differential Revision: https://secure.phabricator.com/D11705

Details

Committed
Bob Trahan <btrahan@phacility.com>Feb 7 2015, 00:32
Pushed
aubortJan 31 2017, 17:16
Parents
rPH28b23fd789dc: Use --hex-blob flag in bin/storage dump
Branches
Unknown
Tags
Unknown

Event Timeline

Bob Trahan <btrahan@phacility.com> committed rPHeee8d194eb48: OAuthServer - default "whoami" scope and refine scope-asking workflow (authored by Bob Trahan <btrahan@phacility.com>).Feb 7 2015, 00:32