# Copyright (c) 2025 Patrick Motsch
# All rights reserved.
"""OAuth scope sets for split Auth- vs Data-apps (Google / Microsoft)."""
# Google — Auth app only (no Gmail/Drive API scopes).
# This list requests the OpenID Connect marker and the two userinfo scopes and
# nothing else, so the sign-in app asks for no mailbox, file, calendar or
# contact access.
googleAuthScopes = [
    "openid",
    "https://www.googleapis.com/auth/userinfo.email",
    "https://www.googleapis.com/auth/userinfo.profile",
]
# Google — Data app (Gmail + Drive + Calendar + Contacts + identity for token responses).
# Every data scope below is the ".readonly" variant; adding a write-capable
# scope here widens what a stolen or misused token can do, so review any change.
googleDataScopes = [
    # Identity scopes, repeated from the auth set.
    "openid",
    "https://www.googleapis.com/auth/userinfo.email",
    "https://www.googleapis.com/auth/userinfo.profile",
    # Read-only data access.
    "https://www.googleapis.com/auth/gmail.readonly",
    "https://www.googleapis.com/auth/drive.readonly",
    "https://www.googleapis.com/auth/calendar.readonly",
    "https://www.googleapis.com/auth/contacts.readonly",
]
# Microsoft — Auth app: Graph profile only (MSAL adds openid, profile, offline_access, …).
# Only the signed-in user's own profile is requested; the OIDC scopes are left
# out of this list because MSAL supplies them.
msftAuthScopes = [
    "User.Read",
]
# Microsoft — Data app (delegated; requires admin consent for several).
# NOTE(review): unlike googleDataScopes, which is read-only throughout, this set
# includes write/send scopes (Mail.ReadWrite, Mail.Send, Files.ReadWrite.All,
# Sites.ReadWrite.All, Chat.ReadWrite, ChatMessage.Send). Confirm each one is
# needed by a shipped feature; otherwise prefer the read-only counterpart.
# The order matters to nothing in this file, but msftDataScopesForRefresh()
# joins the list as-is, so the refresh scope string follows any edit made here.
msftDataScopes = [
    # Profile
    "User.Read",
    # Mail: read, modify and send on the user's behalf
    "Mail.ReadWrite",
    "Mail.Send",
    # Files and SharePoint sites: read and write
    "Files.ReadWrite.All",
    "Sites.ReadWrite.All",
    # Teams, meetings and chat
    "Team.ReadBasic.All",
    "OnlineMeetings.Read",
    "Chat.ReadWrite",
    "ChatMessage.Send",
    # Calendar and contacts: read-only
    "Calendars.Read",
    "Contacts.Read",
]
def msftDataScopesForRefresh() -> str:
    """Return the Microsoft data-app scopes as one space-separated string.

    Intended for the v2 token-endpoint refresh request, where the scope value
    should match what was sent on the authorization request. The string is
    derived from ``msftDataScopes`` on every call rather than kept as a second
    literal, so the two cannot drift apart.

    NOTE(review): the result contains only the entries of ``msftDataScopes``;
    it matches the authorization request only if that request is built from
    the same list — confirm at the caller.
    """
    separator = " "
    scopeString = separator.join(msftDataScopes)
    return scopeString
# Infomaniak intentionally has no OAuth scope set: the kDrive + Mail data APIs
# are only reachable with manually issued Personal Access Tokens (see
# wiki/d-guides/infomaniak-token-setup.md). The OAuth /authorize endpoint at
# login.infomaniak.com only accepts identity scopes (openid/profile/email/phone)
# and does not return tokens that work against /1/* data routes.