From 64eb252171abc4e7dfb090d43d17b37884c60fa8 Mon Sep 17 00:00:00 2001
From: josdigital <128366984+josdigital@users.noreply.github.com>
Date: Sat, 9 Dec 2023 11:37:43 +0100
Subject: [PATCH] Remove Youtube broad scope

The scope removed was asking the user permissions to manage the FULL Youtube account and that was not needed. In fact the read.only scope is more than enough to get the permission token to view the user plugin. The extra scope has been removed because when submitting a custom google app for verification, Google will complain of this large scope (and this also gives too much power to this plugin, with the risk of compromising the youtube account of the user)
---
 src/gateways/YouTube.php | 1 -
 1 file changed, 1 deletion(-)

diff --git a/src/gateways/YouTube.php b/src/gateways/YouTube.php
index 9f646008..d0105d91 100644
--- a/src/gateways/YouTube.php
+++ b/src/gateways/YouTube.php
@@ -75,7 +75,6 @@ public function getOauthScope(): array
         return [
             'https://www.googleapis.com/auth/userinfo.profile',
             'https://www.googleapis.com/auth/userinfo.email',
-            'https://www.googleapis.com/auth/youtube',
             'https://www.googleapis.com/auth/youtube.readonly'
         ];
     }