Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update /me endpoint for Microsoft accounts #339

Open
drewler opened this issue Aug 17, 2022 · 1 comment
Open

Update /me endpoint for Microsoft accounts #339

drewler opened this issue Aug 17, 2022 · 1 comment
Assignees
@drewler

Comments

@drewler
Copy link
Contributor

drewler commented Aug 17, 2022

sync-engine/inbox/auth/microsoft.py

Line 37 in e19ff46

OAUTH_USER_INFO_URL = "https://outlook.office.com/api/v2.0/me"

Used in _get_user_info.

  • Should use https://graph.microsoft.com/v1.0/me instead.
  • Since the scope required (User.Read) is different from the ones in OAUTH_SCOPE, I suggest the following approach:
    • Override _get_user_info in MicrosoftAuthHandler, so it calls the parent method with a copy of session_dict where session_dict["access_token"] has been replaced with an access token with the right scope.
    • That access token (with User.Read scope) has to be requested just before calling the parent method, using the AuthAlligator client.
@drewler
Copy link
Contributor Author

drewler commented Sep 26, 2022
edited

I think this URL is only used during the "Authorization Code" grant:

Since this is not part of the main flow, updating this endpoint has lower priority and we can leave if for later.

@drewler drewler assigned drewler and unassigned cschams Sep 26, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@drewler drewler

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@drewler @cschams