
Begin cleaning up OAuth scope handling

Authored by epriestley on Apr 3 2016, 3:41 PM.



Ref T7303. OAuth scope handling never got fully modernized and is a bit of a mess.

Also introduce implicit "ALWAYS" and "NEVER" scopes.

Always give tokens access to meta-methods like conduit.getcapabilities and conduit.query. These do not expose user information.

Test Plan
  • Used a token to call user.whoami.
  • Used a token to call conduit.query.
  • Used a token to try to call user.query, got rebuffed.
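A minimal model of the scope check the summary and test plan describe, added here as an illustration and not taken from Phabricator's code. The function and constant names, the `whoami` scope name, the scope assigned to each `user.*` method, and the fail-closed default for unlisted methods are assumptions chosen to reproduce the test plan.

```php
<?php
// Added illustration, not Phabricator source. All names are hypothetical.

const SCOPE_ALWAYS = 'ALWAYS'; // implicit: any valid token may call
const SCOPE_NEVER  = 'NEVER';  // implicit: no OAuth token may call

// Constructed table. The conduit.* rows follow the revision summary; the
// user.* rows are assumptions that reproduce the test plan.
const METHOD_SCOPES = [
    'conduit.getcapabilities' => SCOPE_ALWAYS,
    'conduit.query'           => SCOPE_ALWAYS,
    'user.whoami'             => 'whoami',
    'user.query'              => SCOPE_NEVER,
];

// Scopes a client may actually request (assumed list).
const GRANTABLE_SCOPES = ['whoami'];

// Parse a space-delimited OAuth "scope" parameter, keeping only grantable
// scopes so a client cannot ask for ALWAYS, NEVER or an unknown name.
function filter_requested_scopes(string $scope_param): array
{
    $requested = preg_split('/\s+/', trim($scope_param), -1, PREG_SPLIT_NO_EMPTY);
    return array_values(array_intersect(GRANTABLE_SCOPES, $requested));
}

// Decide whether a token holding $granted scopes may call $method.
function token_may_call(string $method, array $granted): bool
{
    // Fail closed: a method with no declared scope is treated as NEVER.
    $required = METHOD_SCOPES[$method] ?? SCOPE_NEVER;
    if ($required === SCOPE_NEVER) {
        return false;
    }
    if ($required === SCOPE_ALWAYS) {
        return true;
    }
    return in_array($required, $granted, true);
}

// Constructed request: the client also asks for scopes it must not receive.
$granted = filter_requested_scopes('whoami ALWAYS admin');
$calls = ['user.whoami', 'conduit.query', 'user.query', 'example.unlisted'];
foreach ($calls as $method) {
    $verdict = token_may_call($method, $granted) ? 'allowed' : 'rebuffed';
    printf("%-18s %s\n", $method, $verdict);
}
```

With the constructed request above, `user.whoami` and `conduit.query` are allowed, while `user.query` and the unlisted method are rebuffed.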

Diff Detail

rP Phabricator
Automatic diff as part of commit; lint not applicable.
Automatic diff as part of commit; unit tests not applicable.

Event Timeline

epriestley updated this revision to Diff 37586. (Apr 3 2016, 3:41 PM)
epriestley retitled this revision from to Begin cleaning up OAuth scope handling.
epriestley updated this object.
epriestley edited the test plan for this revision.
epriestley added a reviewer: chad.
chad accepted this revision. (Apr 3 2016, 4:50 PM)
chad edited edge metadata.
This revision is now accepted and ready to land. (Apr 3 2016, 4:50 PM)
This revision was automatically updated to reflect the committed changes.