oauth demo: log if returned scopes don't match

+6 -1
+6 -1
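--- a/atproto/auth/oauth/cmd/oauth-web-demo/main.go
+++ b/atproto/auth/oauth/cmd/oauth-web-demo/main.go
@@ -8,6 +8,7 @@
 "log/slog"
 "net/http"
 "os"
+"slices"
 
 _ "github.com/joho/godotenv/autoload"
 
@@ -78,7 +79,7 @@
 
 func runServer(cctx *cli.Context) error {
 
-scopes := []string{"atproto", "transition:generic"}
+scopes := []string{"atproto", "account:email"}
 bind := ":8080"
 
 var config oauth.ClientConfig
@@ -245,6 +246,10 @@
 if err != nil {
 http.Error(w, fmt.Errorf("processing OAuth callback: %w", err).Error(), http.StatusBadRequest)
 return
+}
+
+if !slices.Equal(sessData.Scopes, s.OAuth.Config.Scopes) {
+slog.Warn("session auth scopes did not match those requested", "requested", s.OAuth.Config.Scopes, "granted", sessData.Scopes)
 }
 
 // create signed cookie session, indicating account DID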
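Review bot: The added check `slices.Equal(sessData.Scopes, s.OAuth.Config.Scopes)` is order-sensitive, but an OAuth scope value is an unordered space-delimited set. A server that returns the same scopes in a different order would trigger the warning, and real mismatches would get lost in that noise. Assuming both fields are `[]string`, compare sorted copies: `want := slices.Clone(s.OAuth.Config.Scopes); slices.Sort(want)`, the same for the granted list, then `slices.Equal(got, want)`. Cloning avoids reordering the shared config slice. The handler still creates the cookie session after a mismatch, which suits a demo, but a comment such as `// demo only: a real client should decide whether to continue when granted scopes differ from those requested` would stop the pattern being copied as-is. The callback handler begins and ends outside the visible hunk.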