
Begin cleaning up OAuth scope handling
Closed, Public

Authored by epriestley on Apr 3 2016, 3:41 PM.

Details

Summary

Ref T7303. OAuth scope handling never got fully modernized and is a bit of a mess.

Also introduce implicit "ALWAYS" and "NEVER" scopes.

Always give tokens access to meta-methods like conduit.getcapabilities and conduit.query. These do not expose user information.

Test Plan
  • Used a token to call user.whoami.
  • Used a token to call conduit.query.
  • Used a token to try to call user.query, got rebuffed.
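
The scope model from the summary and the three test-plan outcomes, as an added example that is not Phabricator's own code. The `whoami` scope name, the method table, the helper function names and the default-to-NEVER rule for methods that declare no scope are assumptions made for illustration.

```php
<?php
// Added illustration, not Phabricator's implementation. Everything except the
// Conduit method names and the "ALWAYS"/"NEVER" labels is hypothetical.

const SCOPE_ALWAYS = 'ALWAYS'; // implicit: every token satisfies it
const SCOPE_NEVER  = 'NEVER';  // implicit: no token can satisfy it

// Constructed method table. The scope each method requires is an assumption
// chosen to reproduce the outcomes listed in the test plan.
const METHOD_SCOPES = [
  'conduit.getcapabilities' => SCOPE_ALWAYS,
  'conduit.query'           => SCOPE_ALWAYS,
  'user.whoami'             => 'whoami',
  // user.query is deliberately absent: it declares no scope.
];

function required_scope(string $method): string {
  // Default deny: a method that declares nothing requires NEVER.
  return METHOD_SCOPES[$method] ?? SCOPE_NEVER;
}

function normalize_granted(array $requested): array {
  // The implicit scopes are never grantable, so strip them from whatever the
  // client asked for before comparing against a method's requirement.
  $implicit = [SCOPE_ALWAYS, SCOPE_NEVER];
  return array_values(array_diff(array_unique($requested), $implicit));
}

function token_may_call(array $granted, string $method): bool {
  $need = required_scope($method);
  if ($need === SCOPE_NEVER) {
    return false; // checked first, so no grant list can override it
  }
  if ($need === SCOPE_ALWAYS) {
    return true;  // meta-methods: no grant needed
  }
  return in_array($need, normalize_granted($granted), true);
}

// Constructed token that also tries to claim the NEVER scope.
$token = ['whoami', 'NEVER'];
foreach (['user.whoami', 'conduit.query', 'user.query'] as $method) {
  $verdict = token_may_call($token, $method) ? 'allowed' : 'denied';
  printf("%-14s %s\n", $method, $verdict);
}
```

Because the NEVER check runs before the grant list is consulted, a token that lists `NEVER` among its scopes is still denied `user.query`.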

Diff Detail

Repository
rP Phabricator
Lint
Automatic diff as part of commit; lint not applicable.
Unit
Automatic diff as part of commit; unit tests not applicable.

Event Timeline

epriestley retitled this revision from to Begin cleaning up OAuth scope handling. (Apr 3 2016, 3:41 PM)
epriestley updated this object.
epriestley edited the test plan for this revision.
epriestley added a reviewer: chad.
epriestley updated this revision to Diff 37586.
chad edited edge metadata. (Apr 3 2016, 4:50 PM)
chad accepted this revision.
This revision is now accepted and ready to land. (Apr 3 2016, 4:50 PM)
This revision was automatically updated to reflect the committed changes.