This seems to break my auth, as the social auth adds read_user onto the end of what is asked for, effectively causing a duplicate in the scopes that are handed to gitlab. This seems to break gitlab auth with a The requested scope is invalid, unknown, or malformed. message
I also don't need the api scope just for auth, and there is no way to provide an override setting since the code just sets it as the last thing.
My suggestion is to:
make the default [], and provide a way to set it from the environment or the settings.yaml file.
vsoch
commented
1 year ago
In the settings file if gitlab is enabled, the code just forces SOCIAL_AUTH_GITLAB_SCOPE to be api and read_user scopes.
https://github.com/singularityhub/sregistry/blob/ee23901a00a23d0d2a65fab5f484c803cfd60e44/shub/settings.py#L671
This seems to break my auth, as the social auth adds
read_useronto the end of what is asked for, effectively causing a duplicate in the scopes that are handed to gitlab. This seems to break gitlab auth with aThe requested scope is invalid, unknown, or malformed.messageI also don't need the
apiscope just for auth, and there is no way to provide an override setting since the code just sets it as the last thing.My suggestion is to: make the default
[], and provide a way to set it from the environment or the settings.yaml file.Discuss...