[Bug] Yahoo OAuth2 provider uses deprecated/invalid scopes causing authentication failure #10982
Description
👟 Reproduction steps
- Configure Yahoo OAuth provider in Appwrite Console
- Call
account.createOAuth2Token(OAuthProvider.Yahoo, successUrl, failureUrl)or similar - User is redirected to Yahoo login
- After Yahoo login, redirected back with error:
?error=invalid_scope&error_description=invalid+scope
👍 Expected behavior
Yahoo OAuth should successfully authenticate the user and return to the success URL with valid credentials.
👎 Actual Behavior
Yahoo returns invalid_scope error immediately after user authentication.
Root Cause
In the code, the scopes are hardcoded:
protected array $scopes = [
'sdct-r',
'sdpp-w'
];These are Yahoo Social Directory API scopes (sdct-r = Social Directory Contacts Read, sdpp-w = Social Directory Profile Write) which appear to be deprecated or no longer valid.
The getScopes() method (line 45) ignores any scopes passed by the user and always returns these hardcoded values:
public function getScopes(): array
{
return $this->scopes;
}Suggested Fix
- Update default scopes to valid Yahoo OAuth 2.0 scopes. Common valid scopes include:
- openid - OpenID Connect
- profile - Basic profile info
- email - Email address - Allow scope configuration either via:
- The Appwrite Console when setting up the Yahoo provider
- Respecting user-provided scopes in the SDK methods
🎲 Appwrite version
Appwrite Cloud
💻 Operating system
Linux
🧱 Your Environment
- Appwrite Version: Cloud
- SDK: JavaScript Web SDK
- Provider: Yahoo
👀 Have you spent some time to check if this issue has been raised before?
- I checked and didn't find similar issue
🏢 Have you read the Code of Conduct?
- I have read the Code of Conduct