Issue 4 - Specify scopes for authorization

We were requesting read, write, and follow for the app, but not for the user authorization. I've added these scopes to the oauth redirect when logging in.
2019-03-16 10:37:53 +00:00 · 2019-03-16 10:37:53 +00:00 · 9a0fb86099
parent 623a94d434
commit 9a0fb86099
2 changed files with 12 additions and 10 deletions
--- a/app/Http/Controllers/LoginController.php
+++ b/app/Http/Controllers/LoginController.php
@ -12,14 +12,14 @@ use Socialite;
 */
 class LoginController extends Controller
 {
-	/**
-	 * Direct the user to the Mastodon OAuth login page.
-	 *
-	 * First check to see if we are registered as an app with the Mastodon API,
-	 * then direct users to the OAuth login.
-	 *
-	 * @return Illuminate\Http\RedirectResponse Redirect to the OAuth login.
-	 */
+    /**
+     * Direct the user to the Mastodon OAuth login page.
+     *
+     * First check to see if we are registered as an app with the Mastodon API,
+     * then direct users to the OAuth login.
+     *
+     * @return Illuminate\Http\RedirectResponse Redirect to the OAuth login.
+     */
    public function login()
    {
        # Check if this app is already registered.
@ -70,7 +70,9 @@ class LoginController extends Controller
        session(['client_secret' => $client_secret]);

        # Redirect the user to their instance to log in.
-        return Socialite::driver('mastodon')->redirect();
+	return Socialite::driver('mastodon')
+            ->setScopes(config('services.mastodon.scope', config('services.mastodon.scopes')))
+            ->redirect();
    }

    /**
--- a/config/services.php
+++ b/config/services.php
@ -41,6 +41,6 @@ return [
        'client_secret' => env('MASTODON_SECRET'),
        'redirect'      => env('MASTODON_REDIRECT'),
        //'read', 'write', 'follow'
-        'scopes'         => ['read', 'write', 'follow'],
+	'scopes'        => ['read', 'write', 'follow'],
    ],
 ];