Revert "Merge branch 'oauth-extra-scopes' into 'develop'"
This reverts merge request !1024 (merged)
Merge request reports
Activity
enabled an automatic merge when the pipeline for b3992358 succeeds
mentioned in commit c2c48ec2
@lambadalambda Once pleroma!2061 (merged) is merged, it's safe to revert this revertion.
-
@hj It does work on back-ends older than 2 days (prior to merge of pleroma!2025 (merged)). And it'll work on new BEs once pleroma!2061 (merged) is merged. Older BEs didn't reject admin scopes, they didn't make any use of them. New BEs make use of admin scopes, but we need to gracefully clear such for non-admin users.
Upd.: 2061 was merged.
Edited by Ivan Tashkinov 
What was the reason for original revert?
If you requested
adminscope as a non-admin user on a backend that support admin scopes, it would reject the request.So if i understand correctly either a DB migration adds missing scopes automatically or FE needs to request those itself?
Currently it's the latter, though I think we should do the former. @i1t what do you think?
-
PleromaFE creates an app on each load and sets supported OAuth scopes on it. It used to be
read write follow, now it'sread write follow push admin.On sign-in, PleromaFE requests OAuth scopes for the user. At this stage it's unknown whether a user is an admin or not, and it'd be incorrect to pre-request this info anyways. So, PleromaFE requests
read write follow push adminfor any user. BE determines if user is an admin and keeps admin scopes(s) only in this case, so the resulting token hasread write follow push adminscopes for admins andread write follow pushfor non-admins.If new version of FE interacts with older BE, it'll result in
read write follow push adminscopes set for all users. Older BEs don't deal with admin scopes (i.e. grant no special abilities if those are present) and don't control usage of those.@rinpatch, once we bundle updated FE versions with BE, I agree it'd be better to migrate existing apps / admin authorizations / admin tokens to add
adminscope. Will take care of that once admin scope functionality is merged to PleromaFE again.Edited by Ivan Tashkinov mentioned in commit 341416b0
-
Created the revert of this revert: !1034 (merged)
mentioned in merge request !1034 (merged)
-
@hj,
pushis a standard Mastodon scope for managing push subscriptions. Added a more detailed description to !1034 (merged).As for making someone an admin, it doesn't currently modify this user's tokens. Some apps (unfortunately, not all) allow user to explicitly select OAuth permissions on sign in, and it could be that an admin user intentionally deselected admin scopes in some client apps, so we shouldn't extend token scopes for every app. As for PleromaFE, we know that it (currently) doesn't allow users to deselect any scopes, so we could potentially extend PleromaFE (and bundled MastoFE, though there were good times it allowed to specifically select permissions on login) tokens with admin scope when user is made an admin.
When an admin is downgraded to a regular user, such user is signed out of all apps. We could do the same when user is promoted to an admin from regular user, that'd be easier and more transparent (plus no need to make guesses on why any permissions that app supports are missing on token, was it a user decision or not).
Edited by Ivan Tashkinov -
Note: right now BE does not enforce admin scopes usage, and FE will work with older and new versions of BE without the need to do anything to tokens (e.g. sign out / sign in isn't needed). !1034 (merged) is ready for the merge.
mentioned in issue pleroma#1478 (closed)
