wohali / oauth2-discord-new

New Discord Provider for the OAuth 2.0 Client
MIT License

Revisit default scopes #43

Open ShawnCZek opened 1 year ago

ShawnCZek commented 1 year ago

The default scopes were flawed because many of them are not vital for providing the basic user interface:

This should not be a complete list of all scopes, but the minimum required for the provider user interface!

Whether the email scope should be included as well is for discussion. Nevertheless, since DiscordResourceOwner provides a getter for the email address, I have included it, too.

This is a breaking change because if the developer does not specify the scopes, their existing authorization grants will become invalid. As a result of this, existing users will have to reauthorize (due to the change of scopes). On the other hand, starting with this library will be easier for new developers as, most of the time, different scopes are unnecessary.

wohali commented 1 year ago

Need to think about this one.

ShawnCZek commented 1 month ago

Just my two cents: if you decide to release a new major version because of this, it would be worth dropping the support of PHP 7.x versions. They are barely used, and their usage should be discouraged.