Full document, spreadsheet, slideshow, and diagram tooling
fix: replace transition:generic with granular OAuth scopes
Use least-privilege scopes: only request write access to our four
com.atmospheremail.office.* collections and blob upload. Profile
reads are public and need no scope.
Closes tangled.org issue #1 (reported by evan.jarrett.net).
+1
-1
+1
-1
public/client-metadata.json
+1
-1
public/client-metadata.json
···
3
3
"client_name": "Atmosphere Office",
4
4
"client_uri": "https://office.atmospheremail.com",
5
5
"redirect_uris": ["https://office.atmospheremail.com/"],
6
-
"scope": "atproto transition:generic",
6
+
"scope": "atproto repo:com.atmospheremail.office.document repo:com.atmospheremail.office.share repo:com.atmospheremail.office.publicKey repo:com.atmospheremail.office.keyBackup blob:*/*",
7
7
"grant_types": ["authorization_code"],
8
8
"response_types": ["code"],
9
9
"token_endpoint_auth_method": "none",