[openstreetmap/openstreetmap-website] Add support for OAuth 2 (#3177)

mmd notifications at github.com
Thu Apr 15 07:40:55 UTC 2021


Regarding updating an application, I found out that this has no impact on existing tokens. While this seems reasonable in case of adding more scopes (you could otherwise trick a user into accepting only a minimum set of scopes and extend later on without them knowing), I'm not sure about removing scopes:
As an example, I'm still able to read user preferences (read_prefs is include in my scopes), although this scope has been withdrawn in the oauth application in the menatime. When calling the user details endpoint, my token scope has higher precedence than the application scopes.





-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/openstreetmap/openstreetmap-website/pull/3177#issuecomment-820197047
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstreetmap.org/pipermail/rails-dev/attachments/20210415/7f910b8a/attachment.htm>


More information about the rails-dev mailing list