Scopes and services
Closed this issue · 6 comments
Hi, this is an awesome package! How would I go about changing the level of access, scope, and the types of services used by Google with this package? Would I have to write my own service provider or something? I'd like to access a user's Google Drive files with the Google Drive api and 'drive.file' scope as noted here: https://developers.google.com/drive/scopes#google_drive_scopes.
Hi @jgrayillustrate, thanks for using laravel-google-auth!
Those things are achieved by altering the auth URL, the one generated by Auth::getAuthUrl() when using this package. Unfortunately the package doesn't currently expose any way of doing that - it wasn't something I needed at the time I wrote the package so it didn't occur to me.
The underlying Google SDK's Google_Client class provides a pretty straightforward way to do it via either setScopes() or addService() (which are mutually exclusive) and setAccessType(). I'm thinking we could just add two optional parameters to GoogleAuthGuard::getAuthUrl() and its counterpart GoogleUserProvider::getAuthUrl(), and have that method call the appropriate methods before it calls Google_Client::createAuthUrl().
Would you be interested in making the change and sending a pull request?
Actually, having thought about it some more, I think we should leave the getAuthUrl() function alone and add scopes (as an array) and access_type (as a string) to the package's config, and call addService() and setAccessType() from LaravelGoogleAuthServiceProvider::register() after it creates the Google_Client instance.
Cool, that's a good start. There are a couple of things to change though:
setScopes() vs addService()
If you look at the source code for Google_Client::prepareService() (from the SDK) you'll see that if you've called setScopes(), then your calls to addService() will have no effect, so we need to pick one of the two methods. I like setScopes() better because it assumes less about the input - for example if you wanted to set the scopes openid email and https://www.googleapis.com/auth/drive, when you call addService('openid') it will convert that to 'https://www.googleapis.com/auth/openid' which isn't what you want.
So can you delete the call to addService() and the config property 'services' please?
Handling the 'scopes' config property
This should be an array() in the config, so as a default can you set it to the following array instead of null:
'scopes' => array(
'https://www.googleapis.com/auth/userinfo.profile',
'https://www.googleapis.com/auth/userinfo.email',
),That way, it will match the default behaviour of the SDK (which is to include those scopes by default); if we don't do that, the call to setScopes() will clobber the defaults and send no scopes at all.
Documentation
The new config properties will need to be documented too, can you add the below to config.php:
services
An array of scopes to be requested during authentication. For information about available login scopes, see https://developers.google.com/+/api/oauth#login-scopes. To see the available scopes for all Google APIs, visit the APIs Explorer at https://developers.google.com/apis-explorer/#p/ .
access_type
The effect of this property is documented at https://developers.google.com/accounts/docs/OAuth2WebServer#offline; if an access token is being requested, the client does not receive a refresh token unless offline is specified.
Possible values for access_type include:
"offline"to request offline access from the user. (This is the default value)"online"to request online access from the user.