Join GitHub today
GitHub is home to over 40 million developers working together to host and review code, manage projects, and build software together.
Sign upAdd more granular OAuth scopes #7929
Conversation
This comment has been minimized.
This comment has been minimized.
|
I agree on the scopes, but not the design. We should group scopes by “privacy” level. Read public profile, Read Public toots, Etc. it should be grouped by what people do. If I use an app, yes, I want to know they can do each thing, but I also what that high level overview. A list like this isn’t useful to non technical users. We must make that simple for people to understand. What does each thing mean? Maybe displau it grouped by topic? |
This comment has been minimized.
This comment has been minimized.
|
That is, it should be grouped by type, not access level; they’re different vertices. |
This comment has been minimized.
This comment has been minimized.
|
So, basically, you need to transpose this into a grid: field / read / write For the top levels, they should just auto-check all below. Check all / read, abd it checks everything below it in read |
This comment has been minimized.
This comment has been minimized.
|
The current design is too developer focused; from a user perspective I want to know who and what can do what things. |
This comment has been minimized.
This comment has been minimized.
|
@ThisIsMissEm The screenshot is from the development "create app" UI. The authorize page is untouched, and simply lists the human description of the requested scopes as before. |
This comment has been minimized.
This comment has been minimized.
|
I'm hoping it's an incremental improvement and will allow for more improvements on top of it in the future. Most importantly there is still no way to get different statuses depending on scope, it's all or nothing. |
This comment has been minimized.
This comment has been minimized.
|
@Gargron okay, so, I’d take things that are generic (read/write/follow) and put those in a separate section, to discourage their use; I think “push” could also be split up into finer grain items, but it isn’t critical for now. Then the remainder can be groups by object like shown above, rather than a flat list. Currently the list looks overwhelming and jumbled, but by adding grouping we can make it much clearer for developers & help encourage them to make better choices |
This comment has been minimized.
This comment has been minimized.
|
Maybe I could assign color codes to each scope, and the top-level ones could be dangerous red or something, additionally to re-grouping them. Personally I don't know if client apps should get the top-level or all of the specific ones. What if a new feature comes out, like filters? Then all apps would have to re-register and re-authenticate their users... I'm probably not going to add anything more to this PR though, because 37 changed files is on the high end of what I expect other contributors to read and review. |
This comment has been minimized.
This comment has been minimized.
|
I think even for client apps people should know exactly what that application is going to be able to access on their behalf. It's not like we can create an access token that'll only work on the device — nothing stops apps from exfiltrating access tokens to remote servers to scrap data and collect information breaching user privacy.
… On 3 Jul 2018, at 4:25 pm, Eugen Rochko ***@***.***> wrote:
Maybe I could assign color codes to each scope, and the top-level ones could be dangerous red or something, additionally to re-grouping them. Personally I don't know if client apps should get the top-level or all of the specific ones. What if a new feature comes out, like filters? Then all apps would have to re-register and re-authenticate their users...
I'm probably not going to add anything more to this PR though, because 37 changed files is on the high end of what I expect other contributors to read and review.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub <#7929 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AAB4ay2sH4F8XYrKykEgivLmTPd_2b_Cks5uC37qgaJpZM4U_09B>.
|
| @@ -1,7 +1,7 @@ | |||
| # frozen_string_literal: true | |||
|
|
|||
| class Api::V1::FollowsController < Api::BaseController | |||
| before_action -> { doorkeeper_authorize! :follow } | |||
| before_action -> { doorkeeper_authorize! :follow, :'write:follows', :'write:follows:create' } | |||
This comment has been minimized.
This comment has been minimized.
valerauko
Jul 5, 2018
Contributor
Is the :'write:follows:create' intentional? Is there a third tier too?
| @@ -1,8 +1,8 @@ | |||
| # frozen_string_literal: true | |||
|
|
|||
| class Api::V1::ListsController < Api::BaseController | |||
| before_action -> { doorkeeper_authorize! :read }, only: [:index, :show] | |||
| before_action -> { doorkeeper_authorize! :write }, except: [:index, :show] | |||
| before_action -> { doorkeeper_authorize! :read, :'read:lists' }, only: [:index, :show] | |||
This comment has been minimized.
This comment has been minimized.
valerauko
Jul 5, 2018
Contributor
Previously the colons were aligned too (there are a few others like this)
| :'write:notifications', | ||
| :'write:reports', | ||
| :'write:statuses', | ||
| :read, |
This comment has been minimized.
This comment has been minimized.
|
|
||
| before do | ||
| user.account.block_domain!('example.com') | ||
| allow(controller).to receive(:doorkeeper_token) { token } | ||
| end | ||
|
|
||
| shared_examples 'forbidden for wrong scope' do |wrong_scope| |
This comment has been minimized.
This comment has been minimized.
valerauko
Jul 5, 2018
Contributor
I'd say this should be moved to some shared place once other controller specs use it too (blocks and accounts already have the same though)
* Add more granular OAuth scopes * Add human-readable descriptions of the new scopes * Ensure new scopes look good on the app UI * Add tests * Group scopes in screen and color-code dangerous ones * Fix wrong extra scope
Gargron commentedJul 2, 2018
•
edited
Fix #7121
PUT /api/v1/accounts/verify_credentialsPOST /api/v1/statuses/:id/pinPOST /api/v1/statuses/:id/unpinPOST /api/v1/accounts/:id/blockPOST /api/v1/accounts/:id/unblockPOST|DELETE /api/v1/domain_blocksPOST /api/v1/statuses/:id/favouritePOST /api/v1/statuses/:id/unfavouritePOST /api/v1/filtersPUT|DELETE /api/v1/filters/:idPOST /api/v1/accounts/:id/followPOST /api/v1/accounts/:id/unfollowPOST /api/v1/followsPOST /api/v1/follow_requests/:id/authorizePOST /api/v1/follow_requests/:id/rejectPOST|DELETE /api/v1/lists/:id/accountsPOST /api/v1/listsPUT|DELETE /api/v1/lists/:idPOST /api/v1/mediaPUT /api/v1/media/:idPOST /api/v1/statuses/:id/mutePOST /api/v1/statuses/:id/unmutePOST /api/v1/accounts/:id/mutePOST /api/v1/accounts/:id/unmutePOST /api/v1/notifications/clearPOST /api/v1/notifications/:id/dismissPOST /api/v1/reportsPOST /api/v1/statuses/:id/reblogPOST /api/v1/statuses/:id/unreblogPOST /api/v1/statusesDELETE /api/v1/statuses/:idGET /api/v1/accounts/verify_credentialsGET /api/v1/accounts/:id/followersGET /api/v1/accounts/:id/followingGET /api/v1/accounts/searchGET /api/v1/statuses/:id/favourited_byGET /api/v1/statuses/:id/reblogged_byGET /api/v1/accounts/:idGET /api/v1/blocksGET /api/v1/domain_blocksGET /api/v1/favouritesGET /api/v1/filtersGET /api/v1/filters/:idGET /api/v1/accounts/relationshipsGET /api/v1/follow_requestsGET /api/v1/accounts/:id/listsGET /api/v1/lists/:id/accountsGET /api/v1/listsGET /api/v1/lists/:idGET /api/v1/mutesGET /api/v1/notificationsGET /api/v1/notifications/:idGET /api/v1/reportsGET /api/v1/searchGET /api/v2/searchGET /api/v1/accounts/:id/statusesGET /api/v1/timelines/directGET /api/v1/timelines/homeGET /api/v1/timelines/list/:idGET /api/v1/statuses/:idGET /api/v1/statuses/:id/contextGET /api/v1/statuses/:id/cardAll UIs remain the same before, except the developer form for creating new apps, which I have adjusted: