kaccounts-providers/0001-google-provider.patch

commit 0a71da4e3caae0defe200a85954fc7e2012010c1
Author: Daniel Vrátil <dvratil@kde.org>
Date:   Mon Jan 13 13:48:37 2020 +0100

    Google provider: limit requested OAuth scopes
    
    Summary:
    Limit the scopes to what is actually permitted in the Google App settings:
    contacts and calendars for future PIM integration, GDrive for KIO-GDrive,
    and Youtube (upload-only) for the Purpose sharing plugin. We can extend
    this in the future if needed easilly, it's easier for us to get the
    Google App verified if we can proof and show how the individual scopes
    are used by KDE.
    
    Reviewers: elvisangelaccio, bshah
    
    Reviewed By: elvisangelaccio, bshah
    
    Differential Revision: https://phabricator.kde.org/D26454

diff --git a/providers/google.provider.in b/providers/google.provider.in
index 638c1a9..97307af 100644
--- a/providers/google.provider.in
+++ b/providers/google.provider.in
@@ -21,22 +21,15 @@
                order to return a refresh token -->
           <setting name="ResponseType">code</setting>
           <setting name="Scope" type="as">[
-              'https://docs.google.com/feeds/',
-              'https://www.googleapis.com/auth/googletalk',
-              'https://www.googleapis.com/auth/youtube.upload',
-              'https://www.googleapis.com/auth/youtube',
               'https://www.googleapis.com/auth/userinfo.email',
               'https://www.googleapis.com/auth/userinfo.profile',
-              'https://picasaweb.google.com/data/',
               'https://www.googleapis.com/auth/calendar',
-              'https://www.google.com/m8/feeds/',
               'https://www.googleapis.com/auth/tasks',
+              'https://www.google.com/m8/feeds/',
               'https://www.googleapis.com/auth/drive',
-              'https://www.googleapis.com/auth/drive.file',
-              'https://www.googleapis.com/auth/drive.metadata.readonly',
-              'https://www.googleapis.com/auth/drive.readonly'
+              'https://www.googleapis.com/auth/youtube.upload',
           ]</setting>
-          <setting name="AllowedSchemes" type="as">['https','http']</setting>
+          <setting name="AllowedSchemes" type="as">['https']</setting>
           <setting name="ClientId">317066460457-pkpkedrvt2ldq6g2hj1egfka2n7vpuoo.apps.googleusercontent.com</setting>
           <setting name="ClientSecret">Y8eFAaWfcanV3amZdDvtbYUq</setting>
           <setting name="ForceClientAuthViaRequestBody" type="b">true</setting>
Add upstream patch to fix the Google provider 5 years ago			`commit 0a71da4e3caae0defe200a85954fc7e2012010c1`
			`Author: Daniel Vrátil <dvratil@kde.org>`
			`Date: Mon Jan 13 13:48:37 2020 +0100`

			`Google provider: limit requested OAuth scopes`

			`Summary:`
			`Limit the scopes to what is actually permitted in the Google App settings:`
			`contacts and calendars for future PIM integration, GDrive for KIO-GDrive,`
			`and Youtube (upload-only) for the Purpose sharing plugin. We can extend`
			`this in the future if needed easilly, it's easier for us to get the`
			`Google App verified if we can proof and show how the individual scopes`
			`are used by KDE.`

			`Reviewers: elvisangelaccio, bshah`

			`Reviewed By: elvisangelaccio, bshah`

			`Differential Revision: https://phabricator.kde.org/D26454`

			`diff --git a/providers/google.provider.in b/providers/google.provider.in`
			`index 638c1a9..97307af 100644`
			`--- a/providers/google.provider.in`
			`+++ b/providers/google.provider.in`
			`@@ -21,22 +21,15 @@`
			`order to return a refresh token -->`
			`<setting name="ResponseType">code</setting>`
			`<setting name="Scope" type="as">[`
			`- 'https://docs.google.com/feeds/',`
			`- 'https://www.googleapis.com/auth/googletalk',`
			`- 'https://www.googleapis.com/auth/youtube.upload',`
			`- 'https://www.googleapis.com/auth/youtube',`
			`'https://www.googleapis.com/auth/userinfo.email',`
			`'https://www.googleapis.com/auth/userinfo.profile',`
			`- 'https://picasaweb.google.com/data/',`
			`'https://www.googleapis.com/auth/calendar',`
			`- 'https://www.google.com/m8/feeds/',`
			`'https://www.googleapis.com/auth/tasks',`
			`+ 'https://www.google.com/m8/feeds/',`
			`'https://www.googleapis.com/auth/drive',`
			`- 'https://www.googleapis.com/auth/drive.file',`
			`- 'https://www.googleapis.com/auth/drive.metadata.readonly',`
			`- 'https://www.googleapis.com/auth/drive.readonly'`
			`+ 'https://www.googleapis.com/auth/youtube.upload',`
			`]</setting>`
			`- <setting name="AllowedSchemes" type="as">['https','http']</setting>`
			`+ <setting name="AllowedSchemes" type="as">['https']</setting>`
			`<setting name="ClientId">317066460457-pkpkedrvt2ldq6g2hj1egfka2n7vpuoo.apps.googleusercontent.com</setting>`
			`<setting name="ClientSecret">Y8eFAaWfcanV3amZdDvtbYUq</setting>`
			`<setting name="ForceClientAuthViaRequestBody" type="b">true</setting>`