Only use API scopes for personal access tokens

author: Markus Koller <markus-koller@gmx.ch> 2017-01-31 11:21:29 +0100
committer: Alexis Reigel <mail@koffeinfrei.org> 2017-03-07 15:00:29 +0100
commit: eefbc837301acc49a33617063faafa97adee307e (patch)
tree: b46f35df1792744897dfe1d31d9a519d19f09669 /lib
parent: 93daeee16428707fc348f8c45215854aed6e117a (diff)
download: gitlab-ce-eefbc837301acc49a33617063faafa97adee307e.tar.gz
1 files changed, 7 insertions, 2 deletions
diff --git a/lib/gitlab/auth.rb b/lib/gitlab/auth.rb
index c6f9d0d7b82..92fe770728b 100644
--- a/lib/gitlab/auth.rb
+++ b/lib/gitlab/auth.rb
@@ -2,9 +2,14 @@ module Gitlab
   module Auth
     MissingPersonalTokenError = Class.new(StandardError)
 
-    SCOPES = [:api, :read_user, :openid, :profile, :email].freeze
+    # Scopes used for GitLab API access
+    API_SCOPES = [:api, :read_user].freeze
+
+    # Scopes used by doorkeeper-openid_connect
+    OPENID_SCOPES = [:openid].freeze
+
     DEFAULT_SCOPES = [:api].freeze
-    OPTIONAL_SCOPES = SCOPES - DEFAULT_SCOPES
+    OPTIONAL_SCOPES = (API_SCOPES + OPENID_SCOPES - DEFAULT_SCOPES).freeze
 
     class << self
       def find_for_git_client(login, password, project:, ip:)
author	Markus Koller <markus-koller@gmx.ch>	2017-01-31 11:21:29 +0100
committer	Alexis Reigel <mail@koffeinfrei.org>	2017-03-07 15:00:29 +0100
commit	eefbc837301acc49a33617063faafa97adee307e (patch)
tree	b46f35df1792744897dfe1d31d9a519d19f09669 /lib
parent	93daeee16428707fc348f8c45215854aed6e117a (diff)
download	gitlab-ce-eefbc837301acc49a33617063faafa97adee307e.tar.gz