Site-kit-wp: Proxy setup URL must contain all required scopes

Created on 21 Oct 2019  Â·  5Comments  Â·  Source: google/site-kit-wp

Bug Description

Currently the proxy requests all scopes that have been granted by your Google account, regardless of which site you're using it on.

To solve this, we need to ensure that all require OAuth scopes are passed along in a query parameter in the setup URL for the proxy.

_Do not alter or remove anything below. The following sections will be managed by moderators only._

Acceptance criteria

  • The proxy setup URL must always contain a scope parameter which includes the currently required scopes as a space-separated string.

Implementation Brief

  • In OAuth_Client::get_proxy_setup_url(), use $this->get_required_scopes() to add a scope query parameter to the URL (regardless of condition).

Changelog entry

  • Fix authentication service requesting partially incorrect scopes.
P0 Bug
Source
picture aaemnnosttv

All 5 comments

IBR ✅

aaemnnosttv picture aaemnnosttv on 21 Oct 2019

CR ✅

aaemnnosttv picture aaemnnosttv on 21 Oct 2019

@aaemnnosttv Would be great if you could QA this since it is related to the issue you were describing earlier today.

felixarntz picture felixarntz on 21 Oct 2019
👍1

QA: ✅

Steps taken

  1. Start with Google account which has used the Site Kit proxy before, which has already granted scopes for different services (particularly Analytics)
    image
  2. Create a new public site which has never been connected to the proxy service before (using jurassic.ninja)
  3. Install Site Kit and initiate set up on proxy
  4. Sign in with Google on proxy
    _only scopes required by initial set up were requested_
    image
    _did not see an unverified app warning_
  5. Completed setup on proxy
  6. Site Kit works as expected after returning from proxy
aaemnnosttv picture aaemnnosttv on 22 Oct 2019
🎉1

Verified with two separate sites -- see parameter
&scope=openid%20https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.profile%20https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.email%20https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fsiteverification%20https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fwebmasters

marrrmarrr picture marrrmarrr on 22 Oct 2019
Was this page helpful?
0 / 5 - 0 ratings

Related issues

felixarntz picture felixarntz  Â·  4Comments
tunakode picture tunakode  Â·  4Comments
Loganson picture Loganson  Â·  5Comments
felixarntz picture felixarntz  Â·  4Comments
aaemnnosttv picture aaemnnosttv  Â·  5Comments