Scoped Access for Oauth Tokens

[sunjam]

See the official documentation for reference. Filing in the hopes of Oauth tokens adding scoped access to address the security risk of only supporting full read+write access. Thanks for your consideration!

Nextcloud OAuth2 implementation currently does not support scoped access. This means that every token has full access to the complete account including read and write permission to the stored files. It is essential to store the OAuth2 tokens in a safe way!

Without scopes and restrictable access it is not recommended to use a Nextcloud instance as a user authentication service.

[szaimen]

cc @nextcloud/server-triage is this feasible?

[sunjam]

OAuth Scopes is a mechanism in OAuth 2.0 to limit an application's
access to a user's account. An application can request one or more scopes,
this information is then presented to the user in the consent screen, and
the access token issued to the application will be limited to the scopes
granted.

Full details at https://oauth.net/2/scope/
…

This issue has been automatically marked as stale because it has not had recent activity and seems to be missing some essential information. It will be closed if no further activity occurs. Thank you for your contributions.

[sunjam]

Open please.

…

On 7/25/21 9:06 AM, nextcloud-stale[bot] wrote: This issue has been automatically marked as stale because it has not had recent activity and seems to be missing some essential information. It will be closed if no further activity occurs. Thank you for your contributions. — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub <#26233 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AANUKZQ6LA6CAV6NFCJNV2TTZQY75ANCNFSM4ZQU5W5A>.

This issue has been automatically marked as stale because it has not had recent activity and seems to be missing some essential information. It will be closed if no further activity occurs. Thank you for your contributions.

[sunjam]

open please

…

On Tue, Aug 24, 2021, 9:24 AM nextcloud-stale[bot] ***@***.***> wrote: This issue has been automatically marked as stale because it has not had recent activity and seems to be missing some essential information. It will be closed if no further activity occurs. Thank you for your contributions. — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub <#26233 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AANUKZQFTAR6FJNND66EOUDT6PBSLANCNFSM4ZQU5W5A> . Triage notifications on the go with GitHub Mobile for iOS <https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675> or Android <https://play.google.com/store/apps/details?id=com.github.android&utm_campaign=notification-email> .

This issue has been automatically marked as stale because it has not had recent activity and seems to be missing some essential information. It will be closed if no further activity occurs. Thank you for your contributions.