Note that bot and webhook.incoming passthrough scopes always require authorization

Created on 19 October 2023, about 1 year ago

Problem/Motivation

prompt controls how the authorization flow handles existing authorizations. If a user has previously authorized your application with the requested scopes and prompt is set to consent, it will request them to reapprove their authorization.

If set to none, it will skip the authorization screen and redirect them back to your redirect URI without requesting their authorization.

Of further interest is that...

For passthrough scopes, like bot and webhook.incoming, authorization is always required.

For this OAuth2 single sign-on, it isn't necessary to use either of these scopes. You can set up your bot separately.

Proposed resolution

Add a note to the "Scopes for API call" configuration field help text about the above mentioned passthrough scopes.

Remaining tasks

User interface changes

Help text notes that authorization is always required for the bot and webhook.incoming passthrough scopes

📌 Task

Status

Active

Version

4.0

Component

User interface

Created by

🇺🇸United States jcandan

Live updates comments and jobs are added and updated live.

Comments & Activities

Issue created by @jcandan

contrib.social Blog FAQ Discussions

Production build 0.71.5 2024