55 lines
1.5 KiB
Python
55 lines
1.5 KiB
Python
# Copyright (c) 2025 Patrick Motsch
|
|
# All rights reserved.
|
|
"""OAuth scope sets for split Auth- vs Data-apps (Google / Microsoft)."""
|
|
|
|
# Google — Auth app only (no Gmail/Drive API scopes)
|
|
googleAuthScopes = [
|
|
"openid",
|
|
"https://www.googleapis.com/auth/userinfo.email",
|
|
"https://www.googleapis.com/auth/userinfo.profile",
|
|
]
|
|
|
|
# Google — Data app (Gmail + Drive + identity for token responses)
|
|
googleDataScopes = [
|
|
"openid",
|
|
"https://www.googleapis.com/auth/userinfo.email",
|
|
"https://www.googleapis.com/auth/userinfo.profile",
|
|
"https://www.googleapis.com/auth/gmail.readonly",
|
|
"https://www.googleapis.com/auth/drive.readonly",
|
|
]
|
|
|
|
# Microsoft — Auth app: Graph profile only (MSAL adds openid, profile, offline_access, …)
|
|
msftAuthScopes = [
|
|
"User.Read",
|
|
]
|
|
|
|
# Microsoft — Data app (delegated; requires admin consent for several)
|
|
msftDataScopes = [
|
|
"User.Read",
|
|
"Mail.ReadWrite",
|
|
"Mail.Send",
|
|
"Files.ReadWrite.All",
|
|
"Sites.ReadWrite.All",
|
|
"Team.ReadBasic.All",
|
|
"OnlineMeetings.Read",
|
|
"Chat.ReadWrite",
|
|
"ChatMessage.Send",
|
|
]
|
|
|
|
|
|
def msftDataScopesForRefresh() -> str:
|
|
"""Space-separated scope string identical to authorization request (Token v2 refresh)."""
|
|
return " ".join(msftDataScopes)
|
|
|
|
|
|
# Infomaniak — Data app (kDrive + Mail; user_info needed for /1/profile lookup)
|
|
infomaniakDataScopes = [
|
|
"user_info",
|
|
"kdrive",
|
|
"mail",
|
|
]
|
|
|
|
|
|
def infomaniakDataScopesForRefresh() -> str:
|
|
"""Space-separated scope string identical to authorization request."""
|
|
return " ".join(infomaniakDataScopes)
|