Include the received access token's scope in the 'extra' hash #79

Merged
merged 1 commit into from Feb 5, 2020

Commits on Jan 20, 2019

  1. Include the received access token's scope in the 'extra' hash

    According to [GitHub's
    documentation](https://developer.github.com/apps/building-oauth-apps/understanding-scopes-for-oauth-apps/#requested-scopes-and-granted-scopes):
    
    > The scope attribute lists scopes attached to the token that were granted
    > by the user. Normally, these scopes will be identical to what you
    > requested. However, users can edit their scopes, effectively granting
    > your application less access than you originally requested. Also, users
    > can edit token scopes after the OAuth flow is completed. You should be
    > aware of this possibility and adjust your application's behavior
    > accordingly.
    
    Therefore, include the scope returned with the OAuth token in the
    'extra' hash generated for the omniauth callback.
    
    According to the OAuth2 gem's code, extra params returned with the
    access token response can be accessed via indexing on the AccessToken
    class:
    
    https://github.com/oauth-xx/oauth2/blob/58471c95c5473d9a494e45534df96f0cf935a2bb/lib/oauth2/access_token.rb#L60-L65
    davebrace committed Jan 20, 2019
    1b3a35c
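One way a callback could act on the granted scope described in the commit message above, as an added example that is not code from this pull request or from the project: it compares the scopes an application requires with the comma-separated scope string GitHub returns, and accounts for parent scopes that cover their children. The `'scope'` key under `'extra'`, the plain-Hash stand-in for the auth hash, the helper names, and the partial `IMPLIED_SCOPES` map are assumptions of this example.

```ruby
require 'set'

# Parent scopes that imply child scopes, per GitHub's OAuth scope docs.
# Partial map for illustration; extend it for the scopes your app uses.
IMPLIED_SCOPES = {
  'user' => %w[read:user user:email user:follow],
  'repo' => %w[repo:status repo_deployment public_repo repo:invite security_events]
}.freeze

# GitHub returns the granted scopes as one comma-separated string.
# A nil or empty value means no scopes were granted.
def parse_scopes(raw)
  raw.to_s.split(',').map(&:strip).reject(&:empty?).to_set
end

# Expand granted scopes with the children each parent scope implies,
# so a token holding 'user' is not reported as lacking 'user:email'.
def effective_scopes(granted)
  granted.each_with_object(granted.dup) do |scope, all|
    all.merge(IMPLIED_SCOPES.fetch(scope, []))
  end
end

# Return the required scopes the token does not cover, sorted.
def missing_scopes(required, raw_granted)
  effective = effective_scopes(parse_scopes(raw_granted))
  (required.to_set - effective).to_a.sort
end

# Constructed stand-in for the hash handed to the omniauth callback;
# the 'scope' key under 'extra' is an assumption of this example.
SAMPLE_AUTH = { 'extra' => { 'scope' => 'user,gist' } }.freeze

# Scopes this hypothetical application needs in order to work.
REQUIRED = %w[user:email repo:status].freeze

# Decide in the callback whether to proceed or to degrade / re-prompt.
def check_callback(auth, required = REQUIRED)
  missing = missing_scopes(required, auth.dig('extra', 'scope'))
  missing.empty? ? :ok : [:insufficient_scope, missing]
end
```

Because users can also edit token scopes after the OAuth flow completes, a check like this covers only the moment of the callback.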