search

scribejava / scribejava

Simple OAuth library for Java
https://github.com/scribejava/scribejava
MIT License
5.43k stars 1.67k forks source link

Empty string scope is not allowed, but it is supported by some providers. #642

Closed Imaskar closed 8 years ago

Imaskar commented 8 years ago

For example, VK: https://oauth.vk.com/authorize?client_id=&display=popup&redirect_uri=&scope=&response_type=code&v=5.45&state= This gives you access to open profile info and doesn't ask for confirmation, which is convinient.

kullfar commented 8 years ago

In that case you just do not invoke '.scope("")' method. That's it. in https://github.com/scribejava/scribejava/blob/master/scribejava-apis/src/test/java/com/github/scribejava/apis/examples/VkontakteExample.java#L21 instead of

        final OAuth20Service service = new ServiceBuilder()
                .apiKey(clientId)
                .apiSecret(clientSecret)
                .scope("wall,offline") // replace with desired scope
                .callback("http://your.site.com/callback")
                .build(VkontakteApi.instance());

use this code

        final OAuth20Service service = new ServiceBuilder()
                .apiKey(clientId)
                .apiSecret(clientSecret)
                .callback("http://your.site.com/callback")
                .build(VkontakteApi.instance());

Then https://github.com/scribejava/scribejava/blob/master/scribejava-apis/src/main/java/com/github/scribejava/apis/VkontakteApi.java#L40 Will check for non-null scope

        if (config.hasScope()) { // Appending scope if present
            return String.format(SCOPED_AUTHORIZE_URL, config.getApiKey(), OAuthEncoder.encode(config.getCallback()),
                    OAuthEncoder.encode(config.getScope()));
        } else {
            return String.format(AUTHORIZE_URL, config.getApiKey(), OAuthEncoder.encode(config.getCallback()));
        }

And will not send 'scope' param at all.

Isn't it exactly what you want?