AutoGPT
Handle incremental/duplicate OAuth authorization
Should we add a mechanism to prevent duplicate OAuth credentials?
Suppose a user has added OAuth credentials for user @username and with scopes scope_1 and scope_2. What if they then initiate an OAuth flow which results in credentials for the same user with the same scopes? Can we safely assume this isn't necessary, discard the new credentials, and keep the existing credentials?
Note: in a scenario where:
- the user has already authorized access to application A with scopes X through OAuth
- the user initiates another OAuth login to application A for scopes X
- the user is currently logged in to application A itself
then in many cases, application A will just dispense a new authorization token for that user with those scopes without any user interaction. On the user's end, this looks like:
- Click "Sign in with A"
- Pop-up opens and immediately closes
- New (duplicate) credentials appear (? - the question in this issue is whether they should)
This way, you can create 5 new duplicate sets of credentials in about 10 seconds.
This issue has automatically been marked as stale because it has not had any activity in the last 50 days. You can unstale it by commenting or removing the label. Otherwise, this issue will be closed in 10 days.
unstale
As it turns out, many services will just return the same credentials in a case like this. We have to account for this too.
Services like Google do incremental authorization, so if you initiate a new OAuth flow for the same app+user with new scopes, these scopes will be added to the existing OAuth credentials for this app+user.
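One way to model the three cases raised in this thread (a fresh duplicate token for the same user and scopes, the provider returning the very same token again, and incremental authorization widening the scopes) in a credential store. This is an added illustration, not AutoGPT's own code; `OAuthCredentials`, `CredentialStore`, the `(provider, username)` key and the status strings are all assumed names.

```python
from __future__ import annotations
from dataclasses import dataclass


@dataclass(frozen=True)
class OAuthCredentials:
    """Hypothetical credential record (not AutoGPT's model)."""
    provider: str            # e.g. "google"
    username: str            # account the grant was issued for
    scopes: frozenset[str]   # scopes the access token covers
    access_token: str


class CredentialStore:
    """Keeps at most one credential per (provider, username)."""

    def __init__(self) -> None:
        self._by_key: dict[tuple[str, str], OAuthCredentials] = {}

    def __len__(self) -> int:
        return len(self._by_key)

    def add(self, new: OAuthCredentials) -> tuple[str, OAuthCredentials]:
        """Store `new` or fold it into an existing grant; returns (status, stored)."""
        key = (new.provider, new.username)
        existing = self._by_key.get(key)
        if existing is None:
            self._by_key[key] = new
            return "added", new
        if new.access_token == existing.access_token:
            # Provider handed back the same credentials; nothing to do.
            return "unchanged", existing
        if new.scopes <= existing.scopes:
            # Re-authorization with the same (or narrower) scopes produced a
            # fresh token. One defensible choice, as the issue proposes: keep the
            # existing grant and discard the duplicate.
            return "duplicate", existing
        # Incremental authorization: the provider added scopes to the existing
        # grant, so the new token is the one that covers the union. Keep it.
        merged = OAuthCredentials(
            new.provider, new.username, existing.scopes | new.scopes, new.access_token
        )
        self._by_key[key] = merged
        return "merged", merged


if __name__ == "__main__":
    store = CredentialStore()
    scopes = frozenset({"scope_1", "scope_2"})
    print(store.add(OAuthCredentials("google", "@username", scopes, "tok-a"))[0])
    for i in range(5):  # five rapid "Sign in with A" clicks, each minting a new token
        print(store.add(OAuthCredentials("google", "@username", scopes, f"tok-dup{i}"))[0])
    print(len(store), "credential(s) stored")
```

Running the module stores a single credential despite the five repeated authorizations; a later flow for `scope_3` on the same account replaces it with one merged grant.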