Problem/Motivation

I am a module maintainer and even I often forget or am confused by the operation/intersection of scopes and roles, particularly as it relates to the scope settings on the consumer configuration. The applicable code is at ScopeRepository::finalizeScopes().

The confusion stems from the fact that the scopes configured on the consumer (client) are always issued, and users may additionally request and be issued scopes for roles they hold. I am referencing a few issues I found that stem from this confusion.

The current UI text is:

The roles for this Consumer. OAuth2 scopes are implemented as Drupal roles.
Create a role for every logical group of permissions you want to make available to a consumer.

Which is technically true but not complete.

Proposed resolution

Make this more explicit.

Comments

bradjones1 created an issue. See original summary.


Status: Active » Closed (duplicate)
Related issues: +#3089083: Expand help text regarding how scopes and roles work

LOL I'm literally repeating myself.
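
The scope rule stated in the issue summary, worked through as an added example. This is a simplified model written for this page, not the module's ScopeRepository::finalizeScopes() code; the function name and all role names are hypothetical.

```php
<?php
declare(strict_types=1);

/**
 * Model of the rule in the issue summary (an assumption, not module code):
 * consumer-configured scopes are always issued, and a requested scope is
 * added only when the user holds the role of the same name.
 */
function finalize_scopes_model(array $consumerRoles, array $userRoles, array $requested): array
{
    // Requested scopes are honoured only for roles the user actually holds.
    $fromRequest = array_intersect($requested, $userRoles);
    // Consumer scopes act as a floor: issued whatever the request asked for.
    $issued = array_unique(array_merge($consumerRoles, $fromRequest));
    sort($issued);
    return $issued;
}

// Constructed sample data; role names are hypothetical.
$consumerRoles = ['api_reader'];
$userRoles     = ['content_editor'];

$cases = [
    'no scope requested'       => [],
    'requests a held role'     => ['content_editor'],
    'requests a role not held' => ['site_admin'],
    'mixed request'            => ['content_editor', 'site_admin'],
];

foreach ($cases as $label => $requested) {
    $issued  = finalize_scopes_model($consumerRoles, $userRoles, $requested);
    // Scopes on the token that the client never asked for.
    $extra   = array_values(array_diff($issued, $requested));
    // Requested scopes that were silently dropped.
    $dropped = array_values(array_diff($requested, $issued));
    printf(
        "%-26s issued=[%s] not-requested=[%s] dropped=[%s]\n",
        $label,
        implode(',', $issued),
        implode(',', $extra),
        implode(',', $dropped)
    );
}
```

In every case the token carries api_reader even though it was never requested, which is why the roles selected on a consumer should be reviewed as the minimum privilege of every token that consumer can obtain.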