Change the scopes for the google example #258

Open
wt commented Mar 7, 2024

The google integration example currently uses a couple of exotic scopes. I changed those scopes to make it easier to try the example. The scopes I chose are likely to be needed for most integrations that use Google OAuth for authentication. Those scopes are the following:

  * openid
  * https://www.googleapis.com/auth/userinfo.email

wt (Author) commented Mar 7, 2024

FWIW, this can be cut down to only the openid scope if you think that makes better sense for the example.

ramosbugs (Owner) commented Mar 7, 2024

Hey, thanks for the PR. I'd prefer not to add openid to the examples in this crate since the openidconnect crate is specifically intended for this use case and already has a Google example: https://github.com/ramosbugs/openidconnect-rs/blob/c67ffe94af24b65dbb596a68b6623baecf080eb8/examples/google.rs#L155-L156 (that crate always adds the openid scope; it doesn't need to be requested explicitly by apps)

The use case for this crate over openidconnect would be for apps that primarily need to make Google API requests on behalf of a user, which is the original purpose of OAuth2. OpenID Connect adds an identity layer on top of OAuth2 that's better designed for authenticating users to log in to third party apps. See https://stackoverflow.com/questions/1087031/whats-the-difference-between-openid-and-oauth.

wt (Author) commented Mar 8, 2024

Thanks for the tip on the openidconnect crate. I just found and switched to that.

The email scope still seems more relevant and more likely to be in someone's OAuth 2.0 project permissions than the calendar one. Maybe not though.

Having said that, documenting that one needs to create an OAuth2 client ID in a project with certain scopes would probably help a lot to make these examples work for folks. It took me a bit to figure out that's what was wrong.

Another option would be to create an OAuth2 client secret that is only good for http://localhost:8080 since that's what this example uses for the redirection url.

ramosbugs (Owner) commented

Yeah I agree. The examples should do a better job of documenting how to set up the corresponding provider to work with each example.
