Plugin: OAuth2: Add options to set scope - refs BT#18776

5 years ago · 7de0a3849b
parent 0538fb4917
commit 7de0a3849b
2 changed files with 19 additions and 11 deletions
--- a/plugin/oauth2/lang/english.php
+++ b/plugin/oauth2/lang/english.php
@ -26,6 +26,12 @@ $strings['authorize_url'] = 'Authorize URL';
 $strings['authorize_url_help'] = 'The <em>OAuth2</em> server URL to request authorization.
 <br/>Required.';

+$strings['scopes'] = 'Scopes';
+$strings['scopes_help'] = 'Scope is a mechanism in <em>OAuth2</em> to limit an application\'s access to a user\'s account.
+An application can request one or more scopes, this information is then presented to the user in the consent screen,
+and the access token issued to the application will be limited to the scopes granted.
+Multiple scopes should be set separeted with <code>,</code>.';
+
 $strings['access_token_url'] = 'Access Token URL';
 $strings['access_token_url_help'] = 'The <em>OAuth2</em> server URL to request an access token.
 <br/>Required.';
--- a/plugin/oauth2/src/OAuth2.php
+++ b/plugin/oauth2/src/OAuth2.php
@ -24,8 +24,8 @@ class OAuth2 extends Plugin
    const SETTING_CLIENT_SECRET = 'client_secret';

    const SETTING_AUTHORIZE_URL = 'authorize_url';
-    // const SETTING_SCOPES = 'scopes';
-    // const SETTING_SCOPE_SEPARATOR = 'scope_separator';
+    const SETTING_SCOPES = 'scopes';
+    const SETTING_SCOPE_SEPARATOR = 'scope_separator';

    const SETTING_ACCESS_TOKEN_URL = 'access_token_url';
    const SETTING_ACCESS_TOKEN_METHOD = 'access_token_method';
@ -68,8 +68,8 @@ class OAuth2 extends Plugin
                self::SETTING_CLIENT_SECRET => 'text',

                self::SETTING_AUTHORIZE_URL => 'text',
-                // self::SETTING_SCOPES => 'text',
-                // self::SETTING_SCOPE_SEPARATOR => 'text',
+                self::SETTING_SCOPES => 'text',
+                self::SETTING_SCOPE_SEPARATOR => 'text',

                self::SETTING_ACCESS_TOKEN_URL => 'text',
                self::SETTING_ACCESS_TOKEN_METHOD => [
@ -131,13 +131,15 @@ class OAuth2 extends Plugin
            'urlResourceOwnerDetails' => $this->get(self::SETTING_RESOURCE_OWNER_DETAILS_URL),
        ];

-//        if ('' !== $scopeSeparator = (string) $this->get(self::SETTING_SCOPE_SEPARATOR)) {
-//            $options['scopeSeparator'] = $scopeSeparator;
-//        }
-//
-//        if ('' !== $scopes = (string) $this->get(self::SETTING_SCOPES)) {
-//            $options['scopes'] = explode($scopeSeparator, $scopes);
-//        }
+        if ('' === $scopeSeparator = (string) $this->get(self::SETTING_SCOPE_SEPARATOR)) {
+            $scopeSeparator = ' ';
+        }
+
+        $options['scopeSeparator'] = $scopeSeparator;
+
+        if ('' !== $scopes = (string) $this->get(self::SETTING_SCOPES)) {
+            $options['scopes'] = explode($scopeSeparator, $scopes);
+        }

        if ('' !== $urlAccessToken = (string) $this->get(self::SETTING_ACCESS_TOKEN_URL)) {
            $options['urlAccessToken'] = $urlAccessToken;