From eefbc837301acc49a33617063faafa97adee307e Mon Sep 17 00:00:00 2001
From: Markus Koller
Date: Tue, 31 Jan 2017 11:21:29 +0100
Subject: Only use API scopes for personal access tokens

---
 lib/gitlab/auth.rb | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)
(limited to 'lib')

diff --git a/lib/gitlab/auth.rb b/lib/gitlab/auth.rb
index c6f9d0d7b82..92fe770728b 100644
--- a/lib/gitlab/auth.rb
+++ b/lib/gitlab/auth.rb
@@ -2,9 +2,14 @@ module Gitlab
 module Auth
 MissingPersonalTokenError = Class.new(StandardError)
 
- SCOPES = [:api, :read_user, :openid, :profile, :email].freeze
+ # Scopes used for GitLab API access
+ API_SCOPES = [:api, :read_user].freeze
+
+ # Scopes used by doorkeeper-openid_connect
+ OPENID_SCOPES = [:openid].freeze
+
 DEFAULT_SCOPES = [:api].freeze
- OPTIONAL_SCOPES = SCOPES - DEFAULT_SCOPES
+ OPTIONAL_SCOPES = (API_SCOPES + OPENID_SCOPES - DEFAULT_SCOPES).freeze
 
 class << self
 def find_for_git_client(login, password, project:, ip:)
-- 
cgit v1.2.3
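Review bot: The comments on `API_SCOPES` and `OPENID_SCOPES` say what each set is for, but nothing at the definitions states which set a personal access token may be validated against, and `OPTIONAL_SCOPES` still contains `:openid`. Any validator that keeps checking token scopes against `DEFAULT_SCOPES + OPTIONAL_SCOPES` would continue to accept `:openid` on a personal access token, so I would put the rule next to the constants, e.g. `# Personal access tokens may only carry API_SCOPES; OPENID_SCOPES are reserved for the doorkeeper-openid_connect flow.` The hunk also removes `SCOPES` and silently drops `:profile` and `:email`; this view is limited to `lib`, so remaining references to `Gitlab::Auth::SCOPES` in models or initializers cannot be checked from here and are presumably updated elsewhere in the commit. `module Auth` continues past the end of the hunk.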