Page MenuHomePhabricator

Begin cleaning up OAuth scope handling
ClosedPublic

Authored by epriestley on Apr 3 2016, 3:41 PM.
Tags
None
Referenced Files
Unknown Object (File)
Sat, Mar 16, 6:33 PM
Unknown Object (File)
Sat, Mar 16, 6:30 PM
Unknown Object (File)
Sat, Mar 16, 6:23 PM
Unknown Object (File)
Sat, Mar 16, 5:22 PM
Unknown Object (File)
Sat, Mar 16, 3:21 PM
Unknown Object (File)
Wed, Mar 13, 6:59 PM
Unknown Object (File)
Wed, Mar 13, 5:37 PM
Unknown Object (File)
Feb 21 2024, 11:32 PM
Subscribers
None

Details

Summary

Ref T7303. OAuth scope handling never got fully modernized and is a bit of a mess.

Also introduce implicit "ALWAYS" and "NEVER" scopes.

Always give tokens access to meta-methods like conduit.getcapabilities and conduit.query. These do not expose user information.

Test Plan
  • Used a token to call user.whoami.
  • Used a token to call conduit.query.
  • Used a token to try to call user.query, got rebuffed.

Diff Detail

Repository
rP Phabricator
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

epriestley retitled this revision from to Begin cleaning up OAuth scope handling.
epriestley updated this object.
epriestley edited the test plan for this revision. (Show Details)
epriestley added a reviewer: chad.
chad edited edge metadata.
This revision is now accepted and ready to land.Apr 3 2016, 4:50 PM
This revision was automatically updated to reflect the committed changes.