From 06a82f416f2339e3309eec32ab98b4858d045697 Mon Sep 17 00:00:00 2001 From: Percy Wegmann Date: Wed, 4 Dec 2024 14:43:43 -0600 Subject: [PATCH] cmd,{get-authkey,tailscale}: remove unnecessary scope qualifier from OAuth clients OAuth clients that were used to generate an auth_key previously specified the scope 'device'. 'device' is not an actual scope, the real scope is 'devices'. The resulting OAuth token ended up including all scopes from the specified OAuth client, so the code was able to successfully create auth_keys. It's better not to hardcode a scope here anyway, so that we have the flexibility of changing which scope(s) are used in the future without having to update old clients. Since the qualifier never actually did anything, this commit simply removes it. Updates tailscale/corp#24934 Signed-off-by: Percy Wegmann --- cmd/get-authkey/main.go | 1 - cmd/tailscale/cli/up.go | 1 - 2 files changed, 2 deletions(-) diff --git a/cmd/get-authkey/main.go b/cmd/get-authkey/main.go index 777258d64..95c930756 100644 --- a/cmd/get-authkey/main.go +++ b/cmd/get-authkey/main.go @@ -46,7 +46,6 @@ func main() { ClientID: clientID, ClientSecret: clientSecret, TokenURL: baseURL + "/api/v2/oauth/token", - Scopes: []string{"device"}, } ctx := context.Background() diff --git a/cmd/tailscale/cli/up.go b/cmd/tailscale/cli/up.go index 6c5c6f337..e86687527 100644 --- a/cmd/tailscale/cli/up.go +++ b/cmd/tailscale/cli/up.go @@ -1157,7 +1157,6 @@ func resolveAuthKey(ctx context.Context, v, tags string) (string, error) { ClientID: "some-client-id", // ignored ClientSecret: clientSecret, TokenURL: baseURL + "/api/v2/oauth/token", - Scopes: []string{"device"}, } tsClient := tailscale.NewClient("-", nil)