Merge pull request #329 from jstevans/patch-1

Add config to pass on token scope-change warnings
freakboy3742 · Oct 13, 2022 · a97737b · a97737b
2 parents ed3ca11 + 08bf965
commit a97737b
Showing 1 changed file with 8 additions and 1 deletion.
diff --git a/xero/auth.py b/xero/auth.py
@@ -491,6 +491,7 @@ def __init__(
         scope=None,
         tenant_id=None,
         user_agent=None,
+        relax_token_scope=False,
     ):
         from xero import __version__ as VERSION
 
@@ -502,6 +503,7 @@ def __init__(
         self.tenant_id = tenant_id  # Used by BaseManager
         self._oauth = None
         self.scope = scope or DEFAULT_SCOPE[:]
+        self.relax_token_scope = relax_token_scope
 
         if user_agent is None:
             self.user_agent = (
@@ -566,7 +568,12 @@ def verify(self, auth_secret):
         # Various different exceptions may be raised, so pass the exception
         # through as XeroAccessDenied
         except Exception as e:
-            raise XeroAccessDenied(e)
+            # oauthlib raises a warning when returned token scope
+            # is different from the client scope
+            if self.relax_token_scope and isinstance(e, Warning):
+                session.token = e.token
+            else:
+                raise XeroAccessDenied(e)
         self._init_oauth(token)
 
     def generate_url(self):