Issue 4 - Specify scopes for authorization

We were requesting read, write, and follow for the app, but not
for the user authorization. I've added these scopes to the oauth
redirect when logging in.
This commit is contained in:
St John Karp 2019-03-16 10:37:53 +00:00
parent 623a94d434
commit 9a0fb86099
2 changed files with 12 additions and 10 deletions

View File

@ -12,14 +12,14 @@ use Socialite;
*/ */
class LoginController extends Controller class LoginController extends Controller
{ {
/** /**
* Direct the user to the Mastodon OAuth login page. * Direct the user to the Mastodon OAuth login page.
* *
* First check to see if we are registered as an app with the Mastodon API, * First check to see if we are registered as an app with the Mastodon API,
* then direct users to the OAuth login. * then direct users to the OAuth login.
* *
* @return Illuminate\Http\RedirectResponse Redirect to the OAuth login. * @return Illuminate\Http\RedirectResponse Redirect to the OAuth login.
*/ */
public function login() public function login()
{ {
# Check if this app is already registered. # Check if this app is already registered.
@ -70,7 +70,9 @@ class LoginController extends Controller
session(['client_secret' => $client_secret]); session(['client_secret' => $client_secret]);
# Redirect the user to their instance to log in. # Redirect the user to their instance to log in.
return Socialite::driver('mastodon')->redirect(); return Socialite::driver('mastodon')
->setScopes(config('services.mastodon.scope', config('services.mastodon.scopes')))
->redirect();
} }
/** /**

View File

@ -41,6 +41,6 @@ return [
'client_secret' => env('MASTODON_SECRET'), 'client_secret' => env('MASTODON_SECRET'),
'redirect' => env('MASTODON_REDIRECT'), 'redirect' => env('MASTODON_REDIRECT'),
//'read', 'write', 'follow' //'read', 'write', 'follow'
'scopes' => ['read', 'write', 'follow'], 'scopes' => ['read', 'write', 'follow'],
], ],
]; ];