
oauth demo: log if returned scopes don't match (#1146)

authored by

bnewbold and committed by
GitHub
2d608aa6 b4dd6383

+7 -1
+7 -1
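--- a/atproto/auth/oauth/cmd/oauth-web-demo/main.go
+++ b/atproto/auth/oauth/cmd/oauth-web-demo/main.go
@@ -8,6 +8,7 @@
 "log/slog"
 "net/http"
 "os"
+"slices"
 
 _ "github.com/joho/godotenv/autoload"
 
@@ -78,7 +79,8 @@
 
 func runServer(cctx *cli.Context) error {
 
-scopes := []string{"atproto", "transition:generic"}
+// the 'account:email' scope is requested only as a demo of users not granting a permission during auth flow
+scopes := []string{"atproto", "repo:app.bsky.feed.post?action=create", "account:email"}
 bind := ":8080"
 
 var config oauth.ClientConfig
@@ -245,6 +247,10 @@
 if err != nil {
 http.Error(w, fmt.Errorf("processing OAuth callback: %w", err).Error(), http.StatusBadRequest)
 return
+}
+
+if !slices.Equal(sessData.Scopes, s.OAuth.Config.Scopes) {
+slog.Warn("session auth scopes did not match those requested", "requested", s.OAuth.Config.Scopes, "granted", sessData.Scopes)
 }
 
 // create signed cookie session, indicating account DID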
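Review bot: The new scope check in the callback handler compares with `slices.Equal`, which is order-sensitive, while an OAuth scope value is an unordered space-delimited list (RFC 6749 §3.3). An authorization server that returns the same scopes in a different order would therefore raise this warning, adding noise around the case the demo wants to show (a user declining `account:email`). Comparing sorted copies avoids that: `want, got := slices.Clone(s.OAuth.Config.Scopes), slices.Clone(sessData.Scopes)`, `slices.Sort(want); slices.Sort(got)`, then `if !slices.Equal(want, got) {`. Because a mismatch is only logged and the cookie session is still created, a short comment here should say that later handlers must authorize against the granted list in `sessData.Scopes`, not the requested one. The handler starts and ends outside this hunk, so whether it already does so is not visible here.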