Skip to content

Commit

Permalink
DXCDT-597: Don't require all scopes for client credentials auth (#917)
Browse files Browse the repository at this point in the history
* Removing requirement of scopes when authenticating with client credentials

* Moving required scopes into auth file

---------

Co-authored-by: Will Vedder <[email protected]>
  • Loading branch information
willvedd and willvedd authored Nov 21, 2023
1 parent 63ccef0 commit de12895
Show file tree
Hide file tree
Showing 2 changed files with 23 additions and 38 deletions.
24 changes: 23 additions & 1 deletion internal/auth/auth.go
Original file line number Diff line number Diff line change
Expand Up @@ -116,6 +116,29 @@ func WaitUntilUserLogsIn(ctx context.Context, httpClient *http.Client, state Sta
}
}

var RequiredScopes = []string{
"openid",
"offline_access", // for retrieving refresh token
"create:clients", "delete:clients", "read:clients", "update:clients",
"read:client_grants",
"create:resource_servers", "delete:resource_servers", "read:resource_servers", "update:resource_servers",
"create:roles", "delete:roles", "read:roles", "update:roles",
"create:rules", "delete:rules", "read:rules", "update:rules",
"create:users", "delete:users", "read:users", "update:users",
"read:branding", "update:branding",
"read:email_templates", "update:email_templates",
"read:email_provider",
"read:connections", "update:connections",
"read:client_keys", "read:logs", "read:tenant_settings",
"read:custom_domains", "create:custom_domains", "update:custom_domains", "delete:custom_domains",
"read:anomaly_blocks", "delete:anomaly_blocks",
"create:log_streams", "delete:log_streams", "read:log_streams", "update:log_streams",
"create:actions", "delete:actions", "read:actions", "update:actions",
"create:organizations", "delete:organizations", "read:organizations", "update:organizations", "read:organization_members", "read:organization_member_roles", "read:organization_connections",
"read:prompts", "update:prompts",
"read:attack_protection", "update:attack_protection",
}

// GetDeviceCode kicks-off the device authentication flow by requesting
// a device code from Auth0. The returned state contains the
// URI for the next step of the flow.
Expand Down Expand Up @@ -212,7 +235,6 @@ func GetAccessTokenFromClientCreds(ctx context.Context, args ClientCredentials)
TokenURL: u.String() + "/oauth/token",
EndpointParams: url.Values{
"client_id": {args.ClientID},
"scope": {strings.Join(RequiredScopesForClientCreds(), " ")},
"audience": {u.String() + "/api/v2/"},
},
}
Expand Down
37 changes: 0 additions & 37 deletions internal/auth/scopes.go

This file was deleted.

0 comments on commit de12895

Please sign in to comment.