Skip to content

feat(gen2-migration): implement provider-specific OAuth scopes for auth migration #14373

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
iliapolo merged 4 commits into from
Dec 1, 2025
Merged

feat(gen2-migration): implement provider-specific OAuth scopes for auth migration #14373

iliapolo merged 4 commits into from
Dec 1, 2025

Conversation

@dgandhi62
Copy link
Contributor

@dgandhi62 dgandhi62 commented Nov 28, 2025
edited
Loading

Current Issue

The migration tool incorrectly applies global OAuth scopes to all social login providers, losing provider-specific scope configurations that existed in Gen 1.

Example:

  • Google configured with openid email profile scopes
  • Facebook configured with public_profile scope
  • Migration tool applies same global scopes ['email', 'openid', 'phone', 'profile'] to both providers

Solved
Implemented provider-specific OAuth scope extraction and generation to preserve original Gen 1 configurations.

Note
I also added documentation to the auth adapter file with this pr

@dgandhi62
feat: implement provider-specific OAuth scopes for auth migration
88ab621 
- Extract provider-specific scopes from Identity Provider details
- Add support for googleScopes, facebookScopes, amazonScopes, appleScopes
- Map Facebook's public_profile to Cognito's profile scope
- Update codegen to embed scopes in individual provider configurations
- Remove global scopes from externalProviders configuration
- Add comprehensive test coverage for provider-specific scope extraction

Fixes issue where all OAuth providers shared the same global scopes,
losing provider-specific configurations during Gen 1 to Gen 2 migration.
@dgandhi62 dgandhi62 requested a review from a team as a code owner November 28, 2025 16:07
@dgandhi62 dgandhi62 closed this Nov 28, 2025
@dgandhi62 dgandhi62 changed the title enecccfnvbdbjcdlntlktidclbijlbvhhhfdhcebnftfCodegen auth genv5 feat(gen2-migration): implement provider-specific OAuth scopes for auth migration Nov 28, 2025
@dgandhi62 dgandhi62 reopened this Nov 28, 2025
@dgandhi62 dgandhi62 changed the base branch from dev to gen2-migration November 28, 2025 16:10
@iliapolo iliapolo merged commit 2b69c5d into aws-amplify:gen2-migration Dec 1, 2025
4 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@dgandhi62 @iliapolo