Once authalligator and authalligator-client have been upgraded to support requesting specific scopes, we should update the places where it's called to add the required scopes.
It doesn't really help with what the code suggest it's trying to do (it won't really "force a refresh", it will just try to check the token with an endpoint on the third party service)
The new scoped tokens that will be generated can't be verified against that Graph endpoint anyways
I think it will be a good chance to remove the call to verify_account.
Once
authalligator
andauthalligator-client
have been upgraded to support requesting specific scopes, we should update the places where it's called to add the required scopes.Main place seems to be
_new_access_token_from_authalligator
. TheOAuthAuthHandler
subclasses seems to have that info already (OAUTH_SCOPE
) Eg:https://github.com/closeio/sync-engine/blob/e19ff46f3ca8a1cb7fcfbdb6d0cc3cd10fe1a063/inbox/auth/microsoft.py#L39-L49