fix(scope): add unuesed google scope

uc-cdis · Sep 17, 2018 · 5a2336a · 5a2336a
1 parent f6ca4e8
commit 5a2336a
Showing 1 changed file with 11 additions and 4 deletions.
diff --git a/fence/jwt/token.py b/fence/jwt/token.py
@@ -16,7 +16,8 @@
     'user': 'Know your {idp_names} basic account information and what you are authorized to access.',
     'data': 'Retrieve controlled-access datasets to which you have access.',
     'credentials': 'View and update your credentials.',
-    'google_credentials': 'temporary google credentials to access data on google',
+    'google_credentials': 'Receive temporary Google credentials to access data on google',
+    'google_service_account': 'Allow registration of external Google service accounts to access data.',
     'admin': 'View and update user authorizations.'
 }
 
@@ -27,11 +28,17 @@
 # Only allow web session based auth access credentials so that user
 # can't create a long-lived API key using a short lived access_token
 SESSION_ALLOWED_SCOPES = [
-    'openid', 'user', 'credentials', 'data', 'admin', 'google_credentials']
+    'openid', 'user', 'credentials', 'data', 'admin', 'google_credentials',
+    'google_service_account'
+]
 USER_ALLOWED_SCOPES = [
-    'fence', 'openid', 'user', 'data', 'admin', ' google_credentials']
+    'fence', 'openid', 'user', 'data', 'admin', ' google_credentials',
+    'google_service_account'
+]
 CLIENT_ALLOWED_SCOPES = [
-    'openid', 'user', 'data', 'admin', 'google_credentials']
+    'openid', 'user', 'data', 'admin', 'google_credentials',
+    'google_service_account'
+]
 
 
 class JWTResult(object):