-rw-r--r-- | src/indieauth/mod.rs | 14 |
1 files changed, 13 insertions, 1 deletions
diff --git a/src/indieauth/mod.rs b/src/indieauth/mod.rs
index 2f90a19..2e8a44b 100644
--- a/src/indieauth/mod.rs
+++ b/src/indieauth/mod.rs
@@ -158,7 +158,7 @@ pub async fn metadata(Host(host): Host) -> Metadata {
 async fn authorization_endpoint_get<A: AuthBackend, D: Storage + 'static>(
 Host(host): Host,
- Query(request): Query<AuthorizationRequest>,
+ Query(mut request): Query<AuthorizationRequest>,
 State(db): State<D>,
 State(http): State<reqwest_middleware::ClientWithMiddleware>,
 State(auth): State<A>,
@@ -306,6 +306,18 @@ async fn authorization_endpoint_get<A: AuthBackend, D: Storage + 'static>(
 tracing::debug!("Application metadata: {:#?}", h_app);
+ // Sanity check: some older applications don't ask for scopes when they're supposed to.
+ //
+ // Give them the profile scope at least?
+ if request
+ .scope
+ .as_ref()
+ .map(|scope: &Scopes| scope.is_empty())
+ .unwrap_or(true)
+ {
+ request.scope.replace(Scopes::new(vec![Scope::Profile]));
+ }
+
 Html(
 kittybox_frontend_renderer::Template {
 title: "Confirm sign-in via IndieAuth", |
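Review bot: The block added in the second hunk, starting at `if request`, widens the grant on the server side: a request that carried no scope, or an empty one, is rewritten to ask for `profile`, so a client that only wanted to authenticate ends up with a profile-data request it never made. The rest of `authorization_endpoint_get` and the code-redemption path are outside this hunk, so please confirm that the consent page shows the defaulted scope to the user and that a code issued this way cannot be exchanged for more than profile information. The comment still ends in a question (`Give them the profile scope at least?`); I would record the decision instead and leave a trace when the default fires, e.g. `tracing::debug!("authorization request had no scope; defaulting to profile");`. The condition also reads more directly as `if request.scope.as_ref().map_or(true, |s| s.is_empty())` followed by `request.scope = Some(Scopes::new(vec![Scope::Profile]));`.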