DO Ideas 2

support granular OAuth2 scopes

Currently the OAuth2 API only supports the very coarse scopes of "read" or "read write". It'd be great if we could request much more granular scopes. Really, any more granularity would be appreciated.

In the ideal, there'd be a way to request OAuth2 permissions for a very specific set of actions, and the authorizing user can see the price upfront before accepting. Ex:

<Application> is requesting permission to
* Read account SSH keys
* Read droplet information
* Create a 100GB data Volume in SFO2
* Create a 1GB Droplet in SFO2

Total cost: $20/month.

Currently, if you're using the API to create your own one-click applications, you need to educate the user about what you'll do with the full read/write access API token & the cost of the API actions you'll take. That can be pretty tricky. DO should be the source of truth on pricing.

  • Jackson
  • Sep 11 2018
  • Michał commented
    September 11, 2018 16:14

    This is something that definitely makes sense. With time, an increasing number of developers (such as myself) will be making use of the DO API. Hence, it makes sense to allow for apps to have access with more granular scopes for security reasons. I'd like to be able to disallow my app from being able to delete a server (for safety reasons), but I'd like it to be able to create one. I know it's an old idea, but I hope it'll get upvoted more.

  • Luis Ramírez commented
    September 11, 2018 16:14

    The main advantage is security since if a droplet with access to the API is compromised it will be the apocalypse =(
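A scope check that enforces the least-privilege split the thread asks for (allow create, deny delete, and size the blast radius of a leaked token), as an added example that is not DigitalOcean's code. The `resource:action[:region]` grammar, the `*` wildcard, `SENSITIVE_ACTIONS` and `blast_radius` are hypothetical; `read` and `write` (requested as "read write") are the coarse scopes the post describes.

```python
"""Scope enforcement for the granular OAuth2 scopes proposed in this thread.
Added example, not DigitalOcean's code. The 'resource:action[:region]' grammar
and '*' wildcard are hypothetical; 'read' and 'write' are the coarse scopes
that exist today (requested as "read write")."""
from typing import Optional


def parse_scopes(scope_str: str) -> set:
    """OAuth2 scope strings are space-separated, so "read write" is two scopes."""
    return set(scope_str.split())


def _granular_match(scope: str, resource: str, action: str, region: Optional[str]) -> bool:
    """Match one hypothetical granular scope token against a concrete API action."""
    parts = scope.split(":")
    if len(parts) not in (2, 3):
        return False  # not a granular token (or malformed): it grants nothing
    res, act = parts[0], parts[1]
    reg = parts[2] if len(parts) == 3 else "*"
    # A region-bound scope never covers another region or a region-less action.
    return res in ("*", resource) and act in ("*", action) and reg in ("*", region)


def is_allowed(scope_str: str, resource: str, action: str,
               region: Optional[str] = None) -> bool:
    """Decide whether a token carrying `scope_str` may perform `action` on `resource`."""
    granted = parse_scopes(scope_str)
    # Coarse scopes as they exist today: 'write' permits everything, 'read' every read.
    if "write" in granted:
        return True
    if "read" in granted and action == "read":
        return True
    return any(_granular_match(s, resource, action, region) for s in granted)


# Constructed list of destructive actions, used to size a leaked token's blast radius.
SENSITIVE_ACTIONS = [
    ("droplet", "delete", "sfo2"),
    ("volume", "delete", "sfo2"),
    ("ssh_key", "create", None),
    ("droplet", "create", "nyc1"),
]


def blast_radius(scope_str: str) -> list:
    """Sensitive actions a compromised token with these scopes could still perform."""
    return [":".join(p for p in (r, a, g) if p)
            for r, a, g in SENSITIVE_ACTIONS if is_allowed(scope_str, r, a, g)]


if __name__ == "__main__":
    print(blast_radius("read write"))
    print(blast_radius("ssh_key:read droplet:read droplet:create:sfo2 volume:create:sfo2"))
```

With today's coarse token the first call lists every destructive action; with the granular set the second returns an empty list, which is the property the comments above are asking for.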