drewler
commented
2 years ago Since:
- We want to get rid of
verify_account - It doesn't really help with what the code suggest it's trying to do (it won't really "force a refresh", it will just try to check the token with an endpoint on the third party service)
- The new scoped tokens that will be generated can't be verified against that Graph endpoint anyways
I think it will be a good chance to remove the call to verify_account.
Once
authalligatorandauthalligator-clienthave been upgraded to support requesting specific scopes, we should update the places where it's called to add the required scopes.Main place seems to be
_new_access_token_from_authalligator. TheOAuthAuthHandlersubclasses seems to have that info already (OAUTH_SCOPE) Eg:https://github.com/closeio/sync-engine/blob/e19ff46f3ca8a1cb7fcfbdb6d0cc3cd10fe1a063/inbox/auth/microsoft.py#L39-L49