node-oauth icon indicating copy to clipboard operation
node-oauth copied to clipboard
verified publisher icon ciaranj

Problem when using multiple scopes

Open eduardoboucas opened this issue 10 years ago • 2 comments

There's a problem with the GitHub example. When selecting multiple scopes, which happens by default in that example, only the last scope is actually requested to the API. This happens because of the way the auth URL is generated.

The URL generated is:

https://github.com/login/oauth/authorize?redirect_uri={uri}&scope=repo&scope=user&state={state}

But it should be:

https://github.com/login/oauth/authorize?redirect_uri={uri}&scope[]=repo&scope[]=user&state={state} (using the array notation for keys with multiple values).

I've created a pull request on the package that is being used to generate the query strings, so I guess the next step is to see if that is merged in.

eduardoboucas avatar Jul 24 '15 20:07 eduardoboucas

According to the GitHub v3 docs isn't scope supposed to be in one query param comma separated? I typically see this pattern of a single scope param, but with different delimiters (i.e. Runscope's API uses spaces between scopes)

mansilladev avatar Aug 21 '15 01:08 mansilladev

The example code should read:

    var authURL = oauth2.getAuthorizeUrl({
        ...,
        scope: 'repo,user',
        ...,
    });

Starefossen avatar Oct 04 '15 22:10 Starefossen