Changing OAuth Scopes
If you would like to add additional OAuth Scopes when accessing your third party provider, you can do so by adding them to the config when initializing the backend SDK.
For example if you are using Google as your third party provider, you can add an additional scope as follows:
- NodeJS
- GoLang
- Python
import SuperTokens from "supertokens-node";
import ThirdPartyEmailPassword from 'supertokens-node/recipe/thirdpartyemailpassword';
SuperTokens.init({
supertokens: {
connectionURI: "...",
},
appInfo: {
apiDomain: "...",
appName: "...",
websiteDomain: "..."
},
recipeList: [
ThirdPartyEmailPassword.init({
providers: [
ThirdPartyEmailPassword.Google({
clientSecret: "TODO: GOOGLE_CLIENT_SECRET",
clientId: "TODO: GOOGLE_CLIENT_ID",
scope: [
"scope1",
"scope2",
]
})
]
})
]
});
import (
"github.com/supertokens/supertokens-golang/recipe/thirdparty"
"github.com/supertokens/supertokens-golang/recipe/thirdparty/tpmodels"
"github.com/supertokens/supertokens-golang/recipe/thirdpartyemailpassword"
"github.com/supertokens/supertokens-golang/recipe/thirdpartyemailpassword/tpepmodels"
"github.com/supertokens/supertokens-golang/supertokens"
)
func main() {
supertokens.Init(supertokens.TypeInput{
RecipeList: []supertokens.Recipe{
thirdpartyemailpassword.Init(&tpepmodels.TypeInput{
Providers: []tpmodels.TypeProvider{
thirdparty.Google(tpmodels.GoogleConfig{
ClientID: "TODO: GOOGLE_CLIENT_ID",
ClientSecret: "TODO: GOOGLE_CLIENT_SECRET",
Scope: []string{
"scope1", "scope2",
},
}),
},
}),
},
})
}
from supertokens_python import init, InputAppInfo
from supertokens_python.recipe import thirdpartyemailpassword
from supertokens_python.recipe.thirdpartyemailpassword import Google
init(
app_info=InputAppInfo(api_domain="...", app_name="...", website_domain="..."),
framework='...',
recipe_list=[
thirdpartyemailpassword.init(
providers=[
Google(
client_id='GOOGLE_CLIENT_ID',
client_secret='GOOGLE_CLIENT_SECRET',
scope=["scope1", "scope2"]
)
]
)
]
)
important
Along with your custom scopes, you also need to add scopes that ask for the user's email and its verification status. For example with Google, this scope is called "https://www.googleapis.com/auth/userinfo.email"