From 5a2336a1c230565bbf172ffacd27645b623de769 Mon Sep 17 00:00:00 2001
From: philloooo
Date: Mon, 17 Sep 2018 16:39:17 -0500
Subject: [PATCH] fix(scope): add unuesed google scope

---
 fence/jwt/token.py | 15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)

diff --git a/fence/jwt/token.py b/fence/jwt/token.py
index adf222cf7..77c9f62ba 100644
--- a/fence/jwt/token.py
+++ b/fence/jwt/token.py
@@ -16,7 +16,8 @@
 'user': 'Know your {idp_names} basic account information and what you are authorized to access.',
 'data': 'Retrieve controlled-access datasets to which you have access.',
 'credentials': 'View and update your credentials.',
- 'google_credentials': 'temporary google credentials to access data on google',
+ 'google_credentials': 'Receive temporary Google credentials to access data on google',
+ 'google_service_account': 'Allow registration of external Google service accounts to access data.',
 'admin': 'View and update user authorizations.'
 }
 
@@ -27,11 +28,17 @@
 # Only allow web session based auth access credentials so that user
 # can't create a long-lived API key using a short lived access_token
 SESSION_ALLOWED_SCOPES = [
- 'openid', 'user', 'credentials', 'data', 'admin', 'google_credentials']
+ 'openid', 'user', 'credentials', 'data', 'admin', 'google_credentials',
+ 'google_service_account'
+]
 USER_ALLOWED_SCOPES = [
- 'fence', 'openid', 'user', 'data', 'admin', ' google_credentials']
+ 'fence', 'openid', 'user', 'data', 'admin', ' google_credentials',
+ 'google_service_account'
+]
 CLIENT_ALLOWED_SCOPES = [
- 'openid', 'user', 'data', 'admin', 'google_credentials']
+ 'openid', 'user', 'data', 'admin', 'google_credentials',
+ 'google_service_account'
+]
 
 
 class JWTResult(object):
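Review bot: In `USER_ALLOWED_SCOPES` the rewritten line still carries `' google_credentials'` with a leading space inside the string literal, so an exact-match lookup of the scope `google_credentials` against this list would not find it (how the list is consulted is outside this hunk). Since the line is being touched anyway, it should read `'fence', 'openid', 'user', 'data', 'admin', 'google_credentials',`. Separately, `google_service_account` is added to all three allow-lists although the subject calls the scope unused. Judging by their names and the comment above them, these lists appear to bound which scopes session, API-key and OAuth-client tokens may carry, so a comment such as `# google_service_account: external service account registration; intentionally allowed for session, user and client tokens` would record that the widening is deliberate.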