author | Vika <vika@fireburn.ru> | 2025-04-16 02:26:38 +0300 |
---|---|---|
committer | Vika <vika@fireburn.ru> | 2025-04-16 02:26:38 +0300 |
commit | bfea4c5b7cf5aa1e1267f3e886fd41aa2fc8fce6 (patch) | |
tree | 472724bc1dcec869b9d788d5b519c4b24b1e0e58 /src/indieauth/mod.rs | |
parent | f21205362058d65d1372c0357e8cf60bf2a07e27 (diff) | |
download | kittybox-bfea4c5b7cf5aa1e1267f3e886fd41aa2fc8fce6.tar.zst |
indieauth: Grant `profile` scope to apps that didn't request any scopes
This should fix logging into legacy IndieAuth applications that don't request scopes. Change-Id: I7063f825fdd26ecf57aef52bc172d5bf81d05ca2
Diffstat (limited to 'src/indieauth/mod.rs')
-rw-r--r-- | src/indieauth/mod.rs | 14 |
1 files changed, 13 insertions, 1 deletions
diff --git a/src/indieauth/mod.rs b/src/indieauth/mod.rs
index 2f90a19..2e8a44b 100644
--- a/src/indieauth/mod.rs
+++ b/src/indieauth/mod.rs
@@ -158,7 +158,7 @@ pub async fn metadata(Host(host): Host) -> Metadata {
 async fn authorization_endpoint_get<A: AuthBackend, D: Storage + 'static>(
 Host(host): Host,
- Query(request): Query<AuthorizationRequest>,
+ Query(mut request): Query<AuthorizationRequest>,
 State(db): State<D>,
 State(http): State<reqwest_middleware::ClientWithMiddleware>,
 State(auth): State<A>,
@@ -306,6 +306,18 @@ async fn authorization_endpoint_get<A: AuthBackend, D: Storage + 'static>(
 tracing::debug!("Application metadata: {:#?}", h_app);
+ // Sanity check: some older applications don't ask for scopes when they're supposed to.
+ //
+ // Give them the profile scope at least?
+ if request
+ .scope
+ .as_ref()
+ .map(|scope: &Scopes| scope.is_empty())
+ .unwrap_or(true)
+ {
+ request.scope.replace(Scopes::new(vec![Scope::Profile]));
+ }
+
 Html(
 kittybox_frontend_renderer::Template {
 title: "Confirm sign-in via IndieAuth", |
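Review bot: The defaulting block added just before `Html(` makes a request that asked for no scope indistinguishable from one that explicitly asked for `profile`, so any later step that keys off an empty scope can no longer see it. The IndieAuth specification treats a request without `scope` as identification-only (no access token is issued and only the profile URL is returned), so it should be confirmed that the code-redemption path, which is outside this hunk, still enforces that after `request.scope.replace(Scopes::new(vec![Scope::Profile]))`. I would record the decision before overwriting, e.g. `let scope_defaulted = request.scope.as_ref().map_or(true, |s| s.is_empty());`, log it with `tracing::debug!`, and make sure the consent page shows the injected scope so the user approves what is actually granted. The comment's open question ("Give them the profile scope at least?") should become a statement of the intended behaviour and its limits. The body of `authorization_endpoint_get` starts and ends outside the hunk.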