Closed dhensby closed 1 month ago
We should make clear that array scopes need to be trimmed etc. We do that with strings in parseScope but we do not validate if it's an array. Could there be any issues involved with array scopes?
We can introduce a "validate scopes" function that validates an array of scopes - I did think about this, but decided that would lean this towards a "feature" rather than a "fix" (and I wanted to go for a fix here).
Because this array of scopes if provided by the developer (or should be!) then I don't think there's such a risk to have malformed arrays of scopes. Do we validated the arrays of scopes that are provided in any other part of the library?
Just to touch on the typings too - we could just put it as scope?: string[]
if we feel use of a string
is to be deprecated, because there's no need for the typings to include deprecated values and clearly the typings hadn't been causing problems for people up to now 😅
I've made the small change which essentially reverts the change from #305 so that the typings reflect our ideal implementation.
I think that keeps things straightforward for implementors in TS and also means it's less likely users will need to perform refactors when we do remove the string
support if they've been following the types.
Any blockers here/on a release? At the moment I'm relying on
"foo" as unknown as string[]
Which is a bit of a code-smell, to say the least 😅
@Lordfirespeed I'm back at the office tomorrow and will then release an RC that reflects on all recent PRs.
@Lordfirespeed I'm back at the office tomorrow
Awesome! Thanks very much ♥️ hope your holidays have been restful & enjoyable
Summary
In #267 some changes were made for compliance reasons where scopes should be treated as strings for our OAuth interfaces but as arrays of strings for internal purposes. As part of that change, we accidentally made the
scope
prop for theauthenticate
method only support strings.This change remediates any potential backwards compatibility changes from v5.0 to v5.1
Linked issue(s)
307 & #267
Involved parts of the project
authenticate handler
Added tests?
✅