chadhutchins
commented
4 years ago It's most flexible not requiring this. Retracting this... if the use case needs it the developer can add it.
Closed chadhutchins closed 4 years ago
chadhutchins
commented
4 years ago It's most flexible not requiring this. Retracting this... if the use case needs it the developer can add it.
stevenmaguire
commented
4 years ago I agree with your decision. Scopes can be included on the fly when generating the authorization URL:
$authUrl = $provider->getAuthorizationUrl([
'scope' => $scopes
]);
If you do not pass the refresh_token scope, the refresh token is not provided upon authenticating with Salesforce. This seems like a reasonable default scope as the refresh token is necessary to use this client provider once the expiration period has passed. Please consider. Thanks!