change in oauth scopes (#155)

* change in oauth scopes. closes #148 * code review changes * code review changes Co-authored-by: Rishabh Poddar <[email protected]>
supertokens · Aug 14, 2021 · b73bafb · b73bafb
1 parent b15a195
commit b73bafb
Show file tree

Hide file tree

Showing 11 changed files with 53 additions and 48 deletions.
diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md
@@ -1,31 +1,37 @@
 ## Summary of change
+
 (A few sentences about this PR)
 
 ## Related issues
-- Link to issue1 here
-- Link to issue1 here
+
+-   Link to issue1 here
+-   Link to issue1 here
 
 ## Test Plan
+
 (Write your test plan here. If you changed any code, please provide us with clear instructions on how you verified your changes work. Bonus points for screenshots and videos!)
 
 ## Documentation changes
+
 (If relevant, please create a PR in our [docs repo](https://github.com/supertokens/docs), or create a checklist here highlighting the necessary changes)
 
 ## Checklist for important updates
-- [ ] Changelog has been updated
-- [ ] `coreDriverInterfaceSupported.json` file has been updated (if needed)
-   - Along with the associated array in `lib/ts/version.ts`
-- [ ] `frontendDriverInterfaceSupported.json` file has been updated (if needed)
-- [ ] Changes to the version if needed
-   - In `package.json`
-   - In `package-lock.json`
-   - In `lib/ts/version.ts`
-- [ ] Had run `npm run build-pretty`
-- [ ] Had installed and ran the pre-commit hook
-- [ ] Issue this PR against the latest non released version branch.
-   - To know which one it is, run find the latest released tag (`git tag`) in the format `vX.Y.Z`, and then find the latest branch (`git branch --all`) whose `X.Y` is greater than the latest released tag.
-   - If no such branch exists, then create one from the latest released branch.
+
+-   [ ] Changelog has been updated
+-   [ ] `coreDriverInterfaceSupported.json` file has been updated (if needed)
+    -   Along with the associated array in `lib/ts/version.ts`
+-   [ ] `frontendDriverInterfaceSupported.json` file has been updated (if needed)
+-   [ ] Changes to the version if needed
+    -   In `package.json`
+    -   In `package-lock.json`
+    -   In `lib/ts/version.ts`
+-   [ ] Had run `npm run build-pretty`
+-   [ ] Had installed and ran the pre-commit hook
+-   [ ] Issue this PR against the latest non released version branch.
+    -   To know which one it is, run find the latest released tag (`git tag`) in the format `vX.Y.Z`, and then find the latest branch (`git branch --all`) whose `X.Y` is greater than the latest released tag.
+    -   If no such branch exists, then create one from the latest released branch.
 
 ## Remaining TODOs for this PR
-- [ ] Item1
-- [ ] Item2
+
+-   [ ] Item1
+-   [ ] Item2
diff --git a/.github/workflows/github-actions-changelog.yml b/.github/workflows/github-actions-changelog.yml
@@ -1,15 +1,15 @@
 name: "Enforcing changelog in PRs Workflow"
 on:
-  pull_request:
-      types: [opened, synchronize, reopened, ready_for_review, labeled, unlabeled]
+    pull_request:
+        types: [opened, synchronize, reopened, ready_for_review, labeled, unlabeled]
 
 jobs:
-  # Enforces the update of a changelog file on every pull request 
-  changelog:
-    runs-on: ubuntu-latest
-    steps:
-    - uses: actions/checkout@v2
-    - uses: dangoslen/changelog-enforcer@v2
-      with:
-        changeLogPath: 'CHANGELOG.md'
-        skipLabels: 'Skip-Changelog'
+    # Enforces the update of a changelog file on every pull request
+    changelog:
+        runs-on: ubuntu-latest
+        steps:
+            - uses: actions/checkout@v2
+            - uses: dangoslen/changelog-enforcer@v2
+              with:
+                  changeLogPath: "CHANGELOG.md"
+                  skipLabels: "Skip-Changelog"
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -11,6 +11,11 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 -   https://github.com/supertokens/supertokens-node/issues/156
 
+## Breaking change:
+
+-   Updated minimum Oauth scopes required for various thirdparty providers.
+-   For thirdparty providers, if the scope array is passed by the user, the default scopes will not be used.
+
 ## [6.1.0] - 2021-06-24
 
 ## Changes

diff --git a/lib/build/recipe/thirdparty/providers/apple.js b/lib/build/recipe/thirdparty/providers/apple.js
diff --git a/lib/build/recipe/thirdparty/providers/facebook.js b/lib/build/recipe/thirdparty/providers/facebook.js
diff --git a/lib/build/recipe/thirdparty/providers/github.js b/lib/build/recipe/thirdparty/providers/github.js
diff --git a/lib/build/recipe/thirdparty/providers/google.js b/lib/build/recipe/thirdparty/providers/google.js
diff --git a/lib/ts/recipe/thirdparty/providers/apple.ts b/lib/ts/recipe/thirdparty/providers/apple.ts
@@ -132,9 +132,9 @@ export default function Apple(config: TypeThirdPartyProviderAppleConfig): TypePr
             accessTokenAPIParams.redirect_uri = redirectURI;
         }
         let authorisationRedirectURL = "https://appleid.apple.com/auth/authorize";
-        let scopes = ["name", "email"];
+        let scopes = ["email"];
         if (config.scope !== undefined) {
-            scopes.push(...config.scope);
+            scopes = config.scope;
             scopes = Array.from(new Set(scopes));
         }
         let additionalParams =

diff --git a/lib/ts/recipe/thirdparty/providers/facebook.ts b/lib/ts/recipe/thirdparty/providers/facebook.ts
@@ -68,7 +68,7 @@ export default function Facebook(config: TypeThirdPartyProviderFacebookConfig):
         let authorisationRedirectURL = "https://www.facebook.com/v9.0/dialog/oauth";
         let scopes = ["email"];
         if (config.scope !== undefined) {
-            scopes.push(...config.scope);
+            scopes = config.scope;
             scopes = Array.from(new Set(scopes));
         }
         let authorizationRedirectParams: { [key: string]: string } = {

diff --git a/lib/ts/recipe/thirdparty/providers/github.ts b/lib/ts/recipe/thirdparty/providers/github.ts
@@ -79,9 +79,9 @@ export default function Github(config: TypeThirdPartyProviderGithubConfig): Type
             accessTokenAPIParams.redirect_uri = redirectURI;
         }
         let authorisationRedirectURL = "https://github.com/login/oauth/authorize";
-        let scopes = ["user"];
+        let scopes = ["read:user", "user:email"];
         if (config.scope !== undefined) {
-            scopes.push(...config.scope);
+            scopes = config.scope;
             scopes = Array.from(new Set(scopes));
         }
         let additionalParams =

diff --git a/lib/ts/recipe/thirdparty/providers/google.ts b/lib/ts/recipe/thirdparty/providers/google.ts
@@ -80,12 +80,9 @@ export default function Google(config: TypeThirdPartyProviderGoogleConfig): Type
             accessTokenAPIParams.redirect_uri = redirectURI;
         }
         let authorisationRedirectURL = "https://accounts.google.com/o/oauth2/v2/auth";
-        let scopes = [
-            "https://www.googleapis.com/auth/userinfo.profile",
-            "https://www.googleapis.com/auth/userinfo.email",
-        ];
+        let scopes = ["https://www.googleapis.com/auth/userinfo.email"];
         if (config.scope !== undefined) {
-            scopes.push(...config.scope);
+            scopes = config.scope;
             scopes = Array.from(new Set(scopes));
         }
         let additionalParams =