Reenable new goo auths

* Comment in code that `profile` is OAuth 2.0 profile * Renamed a few PRs and Issues with the OpenID 2.0 naming correction when we switched to native OAuth 2.0 scope which failed down the line from historical comments. Perhaps helping clarify this a bit. Closes #1526 and applies to #613, #484 Refs: * https://developers.google.com/identity/protocols/googlescopes#openid_connect * https://www.gluu.org/blog/oauth-vs-openid-whats-the-difference/ *(Seems like a good explanation of the OpenID Connect aspect of this OAuth2 strategy)* > ~"OpenID Connect–not OpenID 1.0 or OpenID 2.0 (both previous versions are deprecated!)–is a profile of OAuth 2.0 that defines a workflow for authentication. The big difference between OpenID Connect and OAuth2 is the id_token. There is no id_token defined in OAuth2 because the id_token is specific to federated authentication." * https://oauth.net/articles/authentication/ *(laid out details)* NOTE: * This auth is really a mess between npmjs.com, GH, and all the changes goo has done over the years. This seems to be the path forward but am still relooking at #889 fallout
OpenUserJS · Mar 12, 2019 · 810b73e · 810b73e
1 parent ecf36af
commit 810b73e
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 2 deletions.
diff --git a/controllers/auth.js b/controllers/auth.js
@@ -87,7 +87,7 @@ exports.auth = function (aReq, aRes, aNext) {
     }
 
     if (strategy === 'google') {
-      authOpts.scope = ['profile'];
+      authOpts.scope = ['profile']; // NOTE: OAuth 2.0 profile
     }
     authenticate = passport.authenticate(strategy, authOpts);
 

diff --git a/controllers/strategies.json b/controllers/strategies.json
@@ -17,7 +17,7 @@
   "google": {
     "name": "Google",
     "oauth": true,
-    "readonly": true
+    "readonly": false
   },
   "imgur": {
     "name": "Imgur",