OAUTH token with wrong scope
Summary
W20170526-11:40:00.910(2) (oauth.js:431) Error in OAuth Server: Failed to fetch account data from Gitlab. failed [403] {"error":"insufficient_scope","error_description":"The request requires higher privileges than provided by the access token.","scope":"api"}
Steps to reproduce
- register application for scope "read_user"
- try to log in (token is built for scope "api")
- cross-check: register application for scope "api" and try again to log in -> success
What is the current bug behavior?
the token seems to be built with scope api no matter what the requested scope is
What is the expected correct behavior?
the token should be built with the correct scope
Relevant logs and/or screenshots
with scope read_user we get this error: W20170526-11:40:00.910(2) (oauth.js:431) Error in OAuth Server: Failed to fetch account data from Gitlab. failed [403] {"error":"insufficient_scope","error_description":"The request requires higher privileges than provided by the access token.","scope":"api"}
Results of GitLab environment info
System information
System: Debian 8.8
Proxy: no
Current User: git
Using RVM: no
Ruby Version: 2.3.3p222
Gem Version: 2.6.6
Bundler Version: 1.13.7
Rake Version: 10.5.0
Redis Version: 3.2.5
Git Version: 2.11.1
Sidekiq Version: 5.0.0
GitLab information
Version: 9.2.1-ee
Revision: gitlab-ee@b0dd8f61df35f675c3d63403b5126ec8c653926a
Directory: /opt/gitlab/embedded/service/gitlab-rails
DB Adapter: postgresql
DB Version: 9.4.12
URL: XX
HTTP Clone URL: XX
SSH Clone URL: XX
Elasticsearch: no
Geo: no
Using LDAP: yes
Using Omniauth: no
GitLab Shell
Version: 5.0.3
Repository storage paths:
- default: /var/opt/gitlab/git-data/repositories
Hooks: /opt/gitlab/embedded/service/gitlab-shell/hooks
Git: /opt/gitlab/embedded/bin/git
Results of GitLab application Check
contains sensitive user information. all tests are green :)
Possible fixes
(If you can, link to the line of code that might be responsible for the problem)
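Added example, not part of the original report and not GitLab's or the client's code: a JavaScript triage helper that parses the 403 line quoted above and compares the scope named in the error body with the scopes the application was registered for. It assumes the body's "scope" field has the RFC 6750 section 3.1 meaning (the scope the request needs); the function names are hypothetical.

```javascript
// Assumption: "scope" in the error body lists the scope(s) the protected
// resource requires (RFC 6750 section 3.1), space-delimited or as an array.

// Log line copied from the report above.
const LOG_LINE = 'W20170526-11:40:00.910(2) (oauth.js:431) Error in OAuth Server: ' +
  'Failed to fetch account data from Gitlab. failed [403] ' +
  '{"error":"insufficient_scope","error_description":"The request requires higher ' +
  'privileges than provided by the access token.","scope":"api"}';

// Extract the HTTP status and JSON error body from one client log line.
function parseScopeError(line) {
  const m = /failed \[(\d{3})\]\s*(\{.*\})\s*$/.exec(line);
  if (!m) return null;
  let body;
  try {
    body = JSON.parse(m[2]);
  } catch (e) {
    return null; // truncated or non-JSON body
  }
  const raw = body.scope;
  const required = Array.isArray(raw) ? raw.map(String)
    : typeof raw === 'string' ? raw.split(/\s+/).filter(Boolean)
    : [];
  return { status: Number(m[1]), error: body.error || null, required };
}

// Compare the scopes the OAuth application was registered for with the
// scopes named in the error, and list the ones that are not covered.
function diagnoseScope(line, registeredScopes) {
  const parsed = parseScopeError(line);
  if (!parsed || parsed.error !== 'insufficient_scope') {
    return { scopeProblem: false, required: [], missing: [] };
  }
  const granted = new Set(registeredScopes);
  const missing = parsed.required.filter((s) => !granted.has(s));
  return { scopeProblem: true, status: parsed.status, required: parsed.required, missing };
}

console.log(diagnoseScope(LOG_LINE, ['read_user']));
```

Run against the two registrations from the steps to reproduce, the helper lists `api` as missing for `read_user` and nothing as missing for `api`.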