Boy are we really coming down the home stretch now! All of the scopes are implemented in every API endpoint now with their corresponding tests to confirm that the permissions are working correctly. The most difficult of those, I thought, was the Streams, again. After beating my head against a rock a lot yesterday I put the whole project down for the day and then picked it up today. After warming up on the other endpoints I started working my way through getting Streams working such that it could filter private data. After a bit of fumbling I finally got a relatively simple solution to the problem and got all the tests passing correctly.
With the scopes done it was time to move on to the token request endpoint. As I highlighted earlier all of the OpenID/OAuth2 authentication methods are supported. The problem was that in order to do the refresh token route I needed to get a refresh token out. Again after a bit of trial and error I figured out where the data was and could be set and got that working. I proved that it was working via external calls. There are some behavior nuances that the team needs to discuss. For example the IETF standard says that on a token refresh the server can force previous access tokens for that client to expire immediately. Do we want Diaspora to do that or not? Right now it doesn’t. Again, that’s a discussion for another time.
What that means is that it’s now time for the final cleanup before the PR and to integrate all of these changes into the main API branch after code reviews.
In summary: * Scopes are now fully implemented and in code review * OpenID/OAuth refresh token pathway now working and in code review * Final code sweep underway before PR into develop branch requested
You can follow the status dashboard at this Google Sheet as well