Add OAuth2 scope constants and validation #8

Open
wants to merge 2 commits into
base: main

HolyGrail

Summary

This PR adds explicit OAuth2 scope support to the omniauth-twitter2 strategy, providing constants and validation aligned with the official X (Twitter) API v2 documentation.

Motivation

The X API v2 OAuth2 implementation requires explicit scope definitions for proper authorization. This PR provides developers with:

  • A complete list of available scopes as constants
  • Default scope configuration
  • Validation to help catch typos and invalid scopes during development

Changes

Implementation

  • Added AVAILABLE_SCOPES constant with all 20 OAuth2 scopes from the official X API documentation
  • Added DEFAULT_SCOPE constant set to "tweet.read users.read"
  • Implemented authorize_params method to handle scope configuration and validation
  • Validation logs warnings for invalid scopes but allows authentication to proceed

Documentation

  • Added complete scope list with descriptions in README
  • Provided usage examples for custom scope configuration
  • Updated CHANGELOG with feature details

Testing

  • Added comprehensive test coverage for scope functionality
  • Tests verify scope count, presence of specific scopes, and default behavior

Backward Compatibility

This change is fully backward compatible:

  • Applications without explicit scope configuration will use the default scope
  • Applications with existing scope configurations continue to work unchanged
  • Invalid scopes trigger warnings only - authentication flow continues normally

Verification

References

Checklist

  • Code follows the project's style guidelines
  • Self-review completed
  • Tests pass locally
  • Documentation updated
  • No breaking changes
  • Rubocop compliant
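
An added sketch of the warn-only scope validation described in the summary above (not the gem's own code): `check_scopes`, `ScopeCheck` and `SAMPLE_SCOPES` are hypothetical names, and the allow-list is abbreviated to the scopes named on this page. The `strict:` option is an assumption that goes beyond the PR, showing the fail-closed alternative next to the warn-and-proceed behaviour.

```ruby
require "logger"

# Assumed, abbreviated allow-list: only the scopes named in this PR.
# The PR's AVAILABLE_SCOPES is described as holding 20 entries.
SAMPLE_SCOPES = %w[tweet.read users.read users.email media.write].freeze
DEFAULT_SCOPE = "tweet.read users.read"

# Result of a check: the normalised scope string and any unknown entries.
ScopeCheck = Struct.new(:scope, :invalid)

# Hypothetical helper (not the gem's authorize_params).
# Normalises a space-delimited scope string, falls back to DEFAULT_SCOPE
# when nothing is configured, and compares each entry to the allow-list.
#   strict: false -> log a warning and let the flow continue (PR behaviour)
#   strict: true  -> raise, so a typo fails before any redirect is built
def check_scopes(requested, logger:, strict: false, allowed: SAMPLE_SCOPES)
  scopes = requested.to_s.split.uniq
  scopes = DEFAULT_SCOPE.split if scopes.empty?

  invalid = scopes - allowed
  unless invalid.empty?
    message = "unknown OAuth2 scope(s): #{invalid.join(', ')}"
    raise ArgumentError, message if strict

    logger.warn(message)
  end

  ScopeCheck.new(scopes.join(" "), invalid)
end

if __FILE__ == $PROGRAM_NAME
  log = Logger.new($stdout)
  # Constructed input: "user.read" is a typo for "users.read".
  result = check_scopes("tweet.read user.read", logger: log)
  puts "sent to authorization server: #{result.scope}"
  puts "flagged: #{result.invalid.inspect}"
end
```

In warn-only mode the mistyped scope is still sent in the authorization request, so the log line is the only signal that the configured scopes differ from the intended ones.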

- Add AVAILABLE_SCOPES constant with all 20 supported X OAuth2 scopes
- Add DEFAULT_SCOPE constant set to "tweet.read users.read"
- Add authorize_params method for scope handling and validation
- Add comprehensive test coverage for scope functionality
- Include all scopes from official X API documentation:
  - users.email for email access
  - media.write for media upload
- Ensure backward compatibility with existing implementations
- Document all 20 available OAuth2 scopes in README
- Add usage examples for custom scope configuration
- Update CHANGELOG with new features
- Include descriptions for users.email and media.write scopes
@HolyGrail HolyGrail force-pushed the feature/add-oauth2-scope-support branch from 7a3593a to 0b6db25 Compare August 2, 2025 16:30
Comment on lines +4 to +8
- Added `AVAILABLE_SCOPES` constant with all supported X (Twitter) OAuth 2.0 scopes
- Added `DEFAULT_SCOPE` constant set to "tweet.read users.read"
- Added default `authorize_params` with scope configuration
- Added `authorize_params` method to handle scope validation and defaults
- Added comprehensive documentation for available scopes in README
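Review bot: The third and fourth entries both describe `authorize_params` ("Added default `authorize_params` with scope configuration" and "Added `authorize_params` method to handle scope validation and defaults"), so a reader cannot tell whether these are two changes or one; merge them into a single entry. Since the PR summary says invalid scopes only log a warning and authentication proceeds, that entry should say so instead of the bare word "validation".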
Owner

Suggested change
- Added `AVAILABLE_SCOPES` constant with all supported X (Twitter) OAuth 2.0 scopes
- Added `DEFAULT_SCOPE` constant set to "tweet.read users.read"
- Added default `authorize_params` with scope configuration
- Added `authorize_params` method to handle scope validation and defaults
- Added comprehensive documentation for available scopes in README
- Add OAuth2 scope constants and validation ([#8](https://github.com/unasuke/omniauth-twitter2/pull/8))
- Added `AVAILABLE_SCOPES` constant with all supported X (Twitter) OAuth 2.0 scopes
- Added `DEFAULT_SCOPE` constant set to "tweet.read users.read"
- Added default `authorize_params` with scope configuration
- Added `authorize_params` method to handle scope validation and defaults
- Added comprehensive documentation for available scopes in README

- Added comprehensive documentation for available scopes in README

### Changed
- Scope parameter is now explicitly handled with defaults and validation
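Review bot: The entry under `### Changed` ("explicitly handled with defaults and validation") does not tell an upgrading user what actually changes for them. Spell out that "tweet.read users.read" is used when no scope is configured, and that an unknown scope is logged rather than rejected, as the PR summary describes.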
Owner

Suggested change
- Scope parameter is now explicitly handled with defaults and validation
- Add OAuth2 scope constants and validation ([#8](https://github.com/unasuke/omniauth-twitter2/pull/8))
- Scope parameter is now explicitly handled with defaults and validation

2 participants