iignatov / LightOpenID

Lightweight PHP5 library for easy OpenID authentication.
MIT License

Not remembering oauth scopes #3

Open wturnerharris opened 11 years ago

wturnerharris commented 11 years ago

Hello,

I'm using your fork here for the OpenID+OAuth federated login for a Google Apps domain. I succeed in logging the user in.

  1. The problem here is when I have a scope for oauth to handle, it requests consent on subsequent logins (or even revisiting the sso login page).
  2. Additionally a duplicate entry is added to the user's "connected sites" with each login, verifying the permissions on the "Authorized Access to your Google Account" page (Account > Security > Connected applications and sites).

If I remove the OAuth scopes, it successfully remembers the login, but clearly I'm missing the scopes. When OAuth scopes are enabled, each duplicate entry has the domain and "Sign in using your Google account" with no mention of additional permissions. In my case I'm only using one scope:

$openid->oauth = array( 'https://www.googleapis.com/auth/userinfo.profile' );

With oauth+openid, I successfully login and have the following:

[openid_ns_ext1] => http://specs.openid.net/extensions/oauth/1.0
[openid_ext1_scope] => https://www.googleapis.com/auth/userinfo.profile
[openid_ext1_request_token] => xxxToken

But as mentioned, subsequent visits ask again for consent because of the OAuth scopes.

Any ideas as to why this happens?

For now, I'm using the required ax fields, which returns the desired info I'm looking to get with oauth.

$openid->required = array('namePerson/last', 'namePerson/first', 'contact/email');

Thanks for any help.
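The three `openid_ext1_*` values quoted above are the OpenID/OAuth hybrid extension as Google returns it: `openid.ns.ext1` binds an alias (`ext1`) to the extension namespace, and `openid.ext1.scope` / `openid.ext1.request_token` carry the approved scope and the OAuth request token under that alias. Two things a relying party has to get right when consuming this, independent of the consent-prompt behaviour discussed here: the alias is chosen by the OP and must be looked up rather than hard-coded, and the extension fields must appear in `openid.signed`, because anything outside the signed list travelled through the user's browser unsigned and could have been swapped. The Python below is an added example of that extraction, not code from LightOpenID or from the issue author; it works on the raw indirect response and assumes the assertion's signature has already been verified elsewhere (as LightOpenID's `validate()` does). The response strings are constructed to look like a Google hybrid response; the token, signature and claimed_id values are made up.

```python
from urllib.parse import parse_qs

# Namespace URI of the OpenID/OAuth hybrid extension (the value of openid.ns.ext1 above).
OAUTH_EXT_NS = "http://specs.openid.net/extensions/oauth/1.0"


def parse_indirect_response(query: str) -> dict:
    """Flatten an OpenID 2.0 indirect (query-string) response into {key: value}."""
    return {k: v[0] for k, v in parse_qs(query, keep_blank_values=True).items()}


def find_extension_alias(resp: dict, ns_uri: str):
    """Return the alias the OP bound to ns_uri via openid.ns.<alias>, or None.

    Google happens to use 'ext1', but the alias is the OP's choice, so it is
    looked up instead of being assumed.
    """
    prefix = "openid.ns."
    for key, value in resp.items():
        if key.startswith(prefix) and value == ns_uri:
            return key[len(prefix):]
    return None


def extract_hybrid_oauth(resp: dict, requested_scopes):
    """Pull the OAuth request token out of a positive assertion.

    Assumes the assertion signature itself was already checked. Here we only
    verify that the extension fields are covered by openid.signed, that a
    token is present, and that the OP did not hand back scopes we never asked
    for. Returns None when the OP sent no OAuth extension at all.
    """
    alias = find_extension_alias(resp, OAUTH_EXT_NS)
    if alias is None:
        return None

    signed = set(resp.get("openid.signed", "").split(","))
    required = {f"ns.{alias}", f"{alias}.request_token", f"{alias}.scope"}
    missing = required - signed
    if missing:
        raise ValueError(f"OAuth extension fields not covered by signature: {sorted(missing)}")

    token = resp.get(f"openid.{alias}.request_token", "")
    if not token:
        raise ValueError("OAuth extension present but request_token is empty")

    # Google returns the granted scopes as a single space-separated string.
    granted = set(resp.get(f"openid.{alias}.scope", "").split())
    unexpected = granted - set(requested_scopes)
    if unexpected:
        raise ValueError(f"OP granted scopes that were never requested: {sorted(unexpected)}")

    return {"alias": alias, "request_token": token, "scopes": sorted(granted)}


def rejects(query: str, requested_scopes) -> bool:
    """True if the response is refused by extract_hybrid_oauth (used in the demo below)."""
    try:
        extract_hybrid_oauth(parse_indirect_response(query), requested_scopes)
    except ValueError:
        return True
    return False


REQUESTED = ["https://www.googleapis.com/auth/userinfo.profile"]

# Constructed sample shaped like a Google hybrid response (values are made up).
BASE = (
    "openid.ns=http://specs.openid.net/auth/2.0"
    "&openid.mode=id_res"
    "&openid.claimed_id=https://www.google.com/a/example.com/openid?id=abc"
    "&openid.sig=ZmFrZXNpZw=="
)
CORE_SIGNED = "op_endpoint,claimed_id,identity,return_to,response_nonce,assoc_handle"

# Extension fields present and listed in openid.signed: the good case.
GOOD = (
    BASE
    + "&openid.ns.ext1=http://specs.openid.net/extensions/oauth/1.0"
    + "&openid.ext1.scope=https://www.googleapis.com/auth/userinfo.profile"
    + "&openid.ext1.request_token=xxxToken"
    + "&openid.signed=" + CORE_SIGNED + ",ns.ext1,ext1.scope,ext1.request_token"
)

# Same fields, but the OP (or a tampering client) left them out of the signed list.
UNSIGNED_EXT = (
    BASE
    + "&openid.ns.ext1=http://specs.openid.net/extensions/oauth/1.0"
    + "&openid.ext1.scope=https://www.googleapis.com/auth/userinfo.profile"
    + "&openid.ext1.request_token=xxxToken"
    + "&openid.signed=" + CORE_SIGNED
)

# An OP that picked a different alias: the lookup must still find it.
OTHER_ALIAS = (
    BASE
    + "&openid.ns.oauth=http://specs.openid.net/extensions/oauth/1.0"
    + "&openid.oauth.scope=https://www.googleapis.com/auth/userinfo.profile"
    + "&openid.oauth.request_token=yyyToken"
    + "&openid.signed=" + CORE_SIGNED + ",ns.oauth,oauth.scope,oauth.request_token"
)

# Plain OpenID login with no OAuth extension at all (what the AX-only fallback looks like).
NO_OAUTH = BASE + "&openid.signed=" + CORE_SIGNED

if __name__ == "__main__":
    print(extract_hybrid_oauth(parse_indirect_response(GOOD), REQUESTED))
    print(extract_hybrid_oauth(parse_indirect_response(OTHER_ALIAS), REQUESTED))
    print("unsigned rejected:", rejects(UNSIGNED_EXT, REQUESTED))
    print("no oauth ->", extract_hybrid_oauth(parse_indirect_response(NO_OAUTH), REQUESTED))
```

The request token returned this way still has to be exchanged for an access token at Google's OAuth token endpoint before any API call; that exchange, and the signature check on the assertion, are outside what this snippet covers.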

iignatov commented 11 years ago

Sorry for the late reply.

I don't have any idea why this happens. I haven't used the OAuth feature myself, I just integrated @nhnb's patch from the Gitorious repo. I read Implementing OAuth with Federated Login (Hybrid Protocol) and tried to run the Hybrid Auth Demo, but it seems outdated and I couldn't even log in.

Thanks for reporting this, at least now it's a known issue.