Closed Imaskar closed 8 years ago
In that case you just do not invoke '.scope("")' method. That's it. in https://github.com/scribejava/scribejava/blob/master/scribejava-apis/src/test/java/com/github/scribejava/apis/examples/VkontakteExample.java#L21 instead of
final OAuth20Service service = new ServiceBuilder()
.apiKey(clientId)
.apiSecret(clientSecret)
.scope("wall,offline") // replace with desired scope
.callback("http://your.site.com/callback")
.build(VkontakteApi.instance());
use this code
final OAuth20Service service = new ServiceBuilder()
.apiKey(clientId)
.apiSecret(clientSecret)
.callback("http://your.site.com/callback")
.build(VkontakteApi.instance());
Then https://github.com/scribejava/scribejava/blob/master/scribejava-apis/src/main/java/com/github/scribejava/apis/VkontakteApi.java#L40 Will check for non-null scope
if (config.hasScope()) { // Appending scope if present
return String.format(SCOPED_AUTHORIZE_URL, config.getApiKey(), OAuthEncoder.encode(config.getCallback()),
OAuthEncoder.encode(config.getScope()));
} else {
return String.format(AUTHORIZE_URL, config.getApiKey(), OAuthEncoder.encode(config.getCallback()));
}
And will not send 'scope' param at all.
Isn't it exactly what you want?
For example, VK: https://oauth.vk.com/authorize?client_id=&display=popup&redirect_uri=&scope=&response_type=code&v=5.45&state=
This gives you access to open profile info and doesn't ask for confirmation, which is convinient.