clarify why the default is full access scope all

marcellmars · marcellmars · commit 23ba114d47e7 · 2024-11-20T10:53:54.000+01:00
diff --git a/services/oauth2_provider/access_token.go b/services/oauth2_provider/access_token.go
@@ -88,6 +88,8 @@ func GrantAdditionalScopes(grantScopes string) auth.AccessTokenScope {
 		}
 	}
 
+	// since version 1.22, access tokens grant full access to the API
+	// with this access is reduced only if additional scopes are provided
 	accessTokenScope := auth.AccessTokenScope(strings.Join(tokenScopes, ","))
 	if accessTokenWithAdditionalScopes, err := accessTokenScope.Normalize(); err == nil && len(tokenScopes) > 0 {
 		return accessTokenWithAdditionalScopes

Original file line number	Diff line number	Diff line change
`@@ -88,6 +88,8 @@ func GrantAdditionalScopes(grantScopes string) auth.AccessTokenScope {`
`88`	`88`	`}`
`89`	`89`	`}`
`90`	`90`
	`91`	`+ // since version 1.22, access tokens grant full access to the API`
	`92`	`+ // with this access is reduced only if additional scopes are provided`
`91`	`93`	`accessTokenScope := auth.AccessTokenScope(strings.Join(tokenScopes, ","))`
`92`	`94`	`if accessTokenWithAdditionalScopes, err := accessTokenScope.Normalize(); err == nil && len(tokenScopes) > 0 {`
`93`	`95`	`return accessTokenWithAdditionalScopes`