File 0001-Google-provider-limit-requested-OAuth-scop... of Package kaccounts-providers

Overview Repositories Revisions Requests Users Attributes Meta

File 0001-Google-provider-limit-requested-OAuth-scopes.patch of Package kaccounts-providers

From 0a71da4e3caae0defe200a85954fc7e2012010c1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Daniel=20Vr=C3=A1til?= <dvratil@kde.org>
Date: Mon, 13 Jan 2020 13:48:37 +0100
Subject: [PATCH] Google provider: limit requested OAuth scopes

Summary:
Limit the scopes to what is actually permitted in the Google App settings:
contacts and calendars for future PIM integration, GDrive for KIO-GDrive,
and Youtube (upload-only) for the Purpose sharing plugin. We can extend
this in the future if needed easilly, it's easier for us to get the
Google App verified if we can proof and show how the individual scopes
are used by KDE.

Reviewers: elvisangelaccio, bshah

Reviewed By: elvisangelaccio, bshah

Differential Revision: https://phabricator.kde.org/D26454

(Merged with commit 5952bf2: Remove the extra comma)

---
 providers/google.provider.in | 13 +++----------
 1 file changed, 3 insertions(+), 10 deletions(-)

diff --git a/providers/google.provider.in b/providers/google.provider.in
index 638c1a9..97307af 100644
--- a/providers/google.provider.in
+++ b/providers/google.provider.in
@@ -21,22 +21,15 @@
                order to return a refresh token -->
           <setting name="ResponseType">code</setting>
           <setting name="Scope" type="as">[
-              'https://docs.google.com/feeds/',
-              'https://www.googleapis.com/auth/googletalk',
-              'https://www.googleapis.com/auth/youtube.upload',
-              'https://www.googleapis.com/auth/youtube',
               'https://www.googleapis.com/auth/userinfo.email',
               'https://www.googleapis.com/auth/userinfo.profile',
-              'https://picasaweb.google.com/data/',
               'https://www.googleapis.com/auth/calendar',
-              'https://www.google.com/m8/feeds/',
               'https://www.googleapis.com/auth/tasks',
+              'https://www.google.com/m8/feeds/',
               'https://www.googleapis.com/auth/drive',
-              'https://www.googleapis.com/auth/drive.file',
-              'https://www.googleapis.com/auth/drive.metadata.readonly',
-              'https://www.googleapis.com/auth/drive.readonly'
+              'https://www.googleapis.com/auth/youtube.upload'
           ]</setting>
-          <setting name="AllowedSchemes" type="as">['https','http']</setting>
+          <setting name="AllowedSchemes" type="as">['https']</setting>
           <setting name="ClientId">317066460457-pkpkedrvt2ldq6g2hj1egfka2n7vpuoo.apps.googleusercontent.com</setting>
           <setting name="ClientSecret">Y8eFAaWfcanV3amZdDvtbYUq</setting>
           <setting name="ForceClientAuthViaRequestBody" type="b">true</setting>

Places

File 0001-Google-provider-limit-requested-OAuth-scopes.patch of Package kaccounts-providers

Places