Spring Social
SOCIAL-151

Support Scope in ProviderSignInController

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 1.0.0.RC1
    • Component/s: None
    • Labels:
      None

      Description

      As the developer of an application that uses ProviderSignInController to let my users sign in through an OAuth 2 service provider, I'd like to be able to specify the authorization scope in the signin form so that new connections may be scoped properly.

      When creating connections for an existing user via ConnectController, the scope may be specified. And when signing in via ProviderSignInController, that existing user's connection will have an access token with the authorization scope requested when the connection was first made.

      But if a user attempts to sign in via ProviderSignInController and no existing connection can be found, the user will need to register and then a new connection will be persisted. The problem is that the signin controller sends the user to the provider's authentication/authorization page without specifying a scope. Consequently, the access token received (and used to create the new connection) will be given default scope, which is probably not good enough for the application's needs.

      ProviderSignInController should accept a scope parameter like ConnectController so that it can request specific scope when doing the signin and so that a new connection, if created, will be granted the necessary scope for the application's needs.

        Activity

        Craig Walls added a comment -

        ProviderSignInController now accepts a "scope" field in the POST request that kicks off the signin flow for an OAuth2 provider. This is the same as how ConnectController handles scope.

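The flow this issue describes, as an added example that is not part of the issue thread or Spring Social's own code: plain Java showing how a "scope" form field ends up in the provider's authorization redirect, and how omitting it leaves the provider's default scope in effect. The allowlist, scope names, endpoint, client id and state value are constructed assumptions; filtering the posted value reflects that a form field is client-controlled.

```java
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.util.Arrays;
import java.util.LinkedHashSet;
import java.util.Set;

// Added illustration (hypothetical class, not Spring Social code).
public class SignInScopeExample {
    // Assumption: the only scopes this application is willing to request at sign-in.
    private static final Set<String> ALLOWED =
            new LinkedHashSet<>(Arrays.asList("profile", "email", "contacts.read"));

    // Keeps only allowlisted scopes from a space- or comma-separated form value.
    static String filterScope(String requested) {
        if (requested == null || requested.trim().isEmpty()) return null;
        Set<String> kept = new LinkedHashSet<>();
        for (String s : requested.trim().split("[\\s,]+")) {
            if (ALLOWED.contains(s)) kept.add(s);
        }
        return kept.isEmpty() ? null : String.join(" ", kept);
    }

    // Builds the authorization-code redirect; with no scope, the provider default applies.
    static String buildAuthorizeUrl(String endpoint, String clientId,
                                    String redirectUri, String state, String scopeField) {
        StringBuilder url = new StringBuilder(endpoint)
                .append("?response_type=code")
                .append("&client_id=").append(enc(clientId))
                .append("&redirect_uri=").append(enc(redirectUri))
                .append("&state=").append(enc(state));
        String scope = filterScope(scopeField);
        if (scope != null) url.append("&scope=").append(enc(scope));
        return url.toString();
    }

    private static String enc(String v) {
        try { return URLEncoder.encode(v, "UTF-8"); }
        catch (UnsupportedEncodingException e) { throw new IllegalStateException(e); }
    }

    public static void main(String[] args) {
        String ep = "https://provider.example/oauth/authorize"; // constructed endpoint
        String cb = "https://app.example/signin/provider";      // constructed callback
        // No scope field posted: the redirect carries no scope parameter.
        System.out.println(buildAuthorizeUrl(ep, "client-123", cb, "constructed-state", null));
        // Scope field posted: allowlisted values are kept, "admin" is dropped.
        System.out.println(buildAuthorizeUrl(ep, "client-123", cb, "constructed-state", "email,contacts.read admin"));
    }
}
```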

          People

          • Assignee:
            Unassigned
            Reporter:
            Craig Walls
          • Votes:
            1
            Watchers:
            1
