Merge pull request #43 from overmindtech/new-scopes

Request minimal scopes on interactive authentication

Author: DavidS-ovm

cmd/createbookmark.go

@@ -66,7 +66,7 @@ func CreateBookmark(signals chan os.Signal, ready chan bool) int {
 	))
 	defer span.End()
 
-	ctx, err = ensureToken(ctx, signals)
+	ctx, err = ensureToken(ctx, []string{"changes:write"}, signals)
 	if err != nil {
 		log.WithContext(ctx).WithError(err).WithFields(log.Fields{
 			"url": viper.GetString("url"),

cmd/datamaps/awssource.go

@@ -52,7 +52,7 @@ func EndChange(signals chan os.Signal, ready chan bool) int {
 	))
 	defer span.End()
 
-	ctx, err = ensureToken(ctx, signals)
+	ctx, err = ensureToken(ctx, []string{"changes:write"}, signals)
 	if err != nil {
 		log.WithContext(ctx).WithFields(log.Fields{
 			"url": viper.GetString("url"),

cmd/endchange.go

@@ -70,7 +70,7 @@ func GetAffectedBookmarks(signals chan os.Signal, ready chan bool) int {
 	))
 	defer span.End()
 
-	ctx, err = ensureToken(ctx, signals)
+	ctx, err = ensureToken(ctx, []string{"changes:read"}, signals)
 	if err != nil {
 		log.WithContext(ctx).WithError(err).WithFields(log.Fields{
 			"url": viper.GetString("url"),

cmd/getaffectedbookmarks.go

@@ -60,7 +60,7 @@ func GetBookmark(signals chan os.Signal, ready chan bool) int {
 	))
 	defer span.End()
 
-	ctx, err = ensureToken(ctx, signals)
+	ctx, err = ensureToken(ctx, []string{"changes:read"}, signals)
 	if err != nil {
 		log.WithContext(ctx).WithError(err).WithFields(log.Fields{
 			"url": viper.GetString("url"),

cmd/getbookmark.go

@@ -54,7 +54,7 @@ func GetChange(signals chan os.Signal, ready chan bool) int {
 	))
 	defer span.End()
 
-	ctx, err = ensureToken(ctx, signals)
+	ctx, err = ensureToken(ctx, []string{"changes:read"}, signals)
 	if err != nil {
 		log.WithContext(ctx).WithFields(log.Fields{
 			"url": viper.GetString("url"),
@@ -90,6 +90,7 @@ func GetChange(signals chan os.Signal, ready chan bool) int {
 	log.WithContext(ctx).WithFields(log.Fields{
 		"change-uuid":        uuid.UUID(response.Msg.Change.Metadata.UUID),
 		"change-created":     response.Msg.Change.Metadata.CreatedAt.AsTime(),
+		"change-status":      response.Msg.Change.Metadata.Status.String(),
 		"change-name":        response.Msg.Change.Properties.Title,
 		"change-description": response.Msg.Change.Properties.Description,
 	}).Info("found change")

cmd/getchange.go

@@ -59,7 +59,7 @@ func GetSnapshot(signals chan os.Signal, ready chan bool) int {
 	))
 	defer span.End()
 
-	ctx, err = ensureToken(ctx, signals)
+	ctx, err = ensureToken(ctx, []string{"changes:read"}, signals)
 	if err != nil {
 		log.WithContext(ctx).WithError(err).WithFields(log.Fields{
 			"url": viper.GetString("url"),

cmd/getsnapshot.go

@@ -74,7 +74,7 @@ func Request(signals chan os.Signal, ready chan bool) int {
 
 	lf := log.Fields{}
 
-	ctx, err = ensureToken(ctx, signals)
+	ctx, err = ensureToken(ctx, []string{"explore:read"}, signals)
 	if err != nil {
 		log.WithContext(ctx).WithFields(lf).WithField("api-key-url", viper.GetString("api-key-url")).WithError(err).Error("failed to authenticate")
 		return 1

cmd/request.go

@@ -57,7 +57,7 @@ func Execute() {
 }
 
 // ensureToken
-func ensureToken(ctx context.Context, signals chan os.Signal) (context.Context, error) {
+func ensureToken(ctx context.Context, requiredScopes []string, signals chan os.Signal) (context.Context, error) {
 	// get a token from the api key if present
 	if viper.GetString("api-key") != "" {
 		log.WithContext(ctx).Debug("using provided token for authentication")
@@ -97,7 +97,7 @@ func ensureToken(ctx context.Context, signals chan os.Signal) (context.Context,
 		// Authenticate using the oauth resource owner password flow
 		config := oauth2.Config{
 			ClientID: viper.GetString("auth0-client-id"),
-			Scopes:   []string{"openid", "profile", "email", "gateway:stream", "request:send", "reverselink:request", "account:read", "source:read", "source:write", "api:read", "api:write", "gateway:objects"},
+			Scopes:   requiredScopes,
 			Endpoint: oauth2.Endpoint{
 				AuthURL:  fmt.Sprintf("https://%v/authorize", viper.GetString("auth0-domain")),
 				TokenURL: fmt.Sprintf("https://%v/oauth/token", viper.GetString("auth0-domain")),

cmd/root.go

@@ -52,7 +52,7 @@ func StartChange(signals chan os.Signal, ready chan bool) int {
 	))
 	defer span.End()
 
-	ctx, err = ensureToken(ctx, signals)
+	ctx, err = ensureToken(ctx, []string{"changes:write"},signals)
 	if err != nil {
 		log.WithContext(ctx).WithFields(log.Fields{
 			"url": viper.GetString("url"),