Replace usage of api with read_api in getAuthorizationUrl #25

garbast · 2021-05-26T07:45:15Z

Using api scope, while the same can be achieved with read_api, gives to many rights that are not needed.

This could be reduced in

Line 102 in 4f051cb

'scope' => ['api', 'read_user', 'openid']

infabo · 2021-06-02T10:53:18Z

+1

garbast · 2023-10-10T12:22:25Z

Where do we go from here with this request?

christian-fries · 2024-07-12T11:32:23Z

Because the change of the scope is a breaking change, I propose to target a new major version

garbast · 2024-12-23T13:42:07Z

Sadly this issues was ignored for 2 1/1 years for now. Seams to not be relevant for the extension author.

infabo · 2024-12-24T09:05:05Z

Because the change of the scope is a breaking change, I propose to target a new major version

Requiring less permissions is not a breaking change. All existing applications would work flawlessly with full "api" permissions.

zenobio93 self-assigned this Jan 17, 2022

zenobio93 removed their assignment Dec 21, 2023

christian-fries mentioned this issue Jul 10, 2024

Use scope read_api instead of full api access #53

Open

garbast closed this as completed Dec 23, 2024

Provide feedback