feat(oidc_client): add custom_scopes option to request_device_authorization

kilimnik · kilimnik · commit b5e3a2faefa1 · 2025-01-19T17:53:18.000+01:00
diff --git a/crates/matrix-sdk/src/authentication/common_oidc/oidc_client.rs b/crates/matrix-sdk/src/authentication/common_oidc/oidc_client.rs
@@ -124,17 +124,19 @@ impl OidcClient {
     pub(crate) async fn request_device_authorization(
         &self,
         device_id: Curve25519PublicKey,
+        custom_scopes: Option<Vec<ScopeToken>>,
     ) -> Result<CoreDeviceAuthorizationResponse, DeviceAuhorizationOidcError> {
-        let scopes = [
-            ScopeToken::Openid,
-            ScopeToken::MatrixApi(MatrixApiScopeToken::Full),
-            ScopeToken::try_with_matrix_device(device_id.to_base64()).expect(
-                "We should be able to create a scope token from a \
+        let scopes = custom_scopes
+            .unwrap_or(vec![
+                ScopeToken::Openid,
+                ScopeToken::MatrixApi(MatrixApiScopeToken::Full),
+                ScopeToken::try_with_matrix_device(device_id.to_base64()).expect(
+                    "We should be able to create a scope token from a \
                  Curve25519 public key encoded as base64",
-            ),
-        ]
-        .into_iter()
-        .map(|scope| Scope::new(scope.to_string()));
+                ),
+            ])
+            .into_iter()
+            .map(|scope| Scope::new(scope.to_string()));
 
         let details: CoreDeviceAuthorizationResponse = self
             .inner
diff --git a/crates/matrix-sdk/src/authentication/qrcode/login.rs b/crates/matrix-sdk/src/authentication/qrcode/login.rs
@@ -128,7 +128,8 @@ impl<'a> IntoFuture for LoginWithQrCode<'a> {
             // Let's tell the OIDC provider that we want to log in using the device
             // authorization grant described in [RFC8628](https://datatracker.ietf.org/doc/html/rfc8628).
             trace!("Requesting device authorization.");
-            let auth_grant_response = oidc_client.request_device_authorization(device_id).await?;
+            let auth_grant_response =
+                oidc_client.request_device_authorization(device_id, None).await?;
 
             // Now we need to inform the other device of the login protocols we picked and
             // the URL they should use to log us in.
