handle editable scopes a bit differently

Author: izuzak

api/ruby/basics-of-authentication/advanced_server.rb

@@ -27,18 +27,33 @@ def authenticate!
     authenticate!
   else
     access_token = session[:access_token]
-    scopes = session[:scopes]
-    has_user_email_scope = scopes.include? 'user:email'
+    scopes = []
 
-    auth_result = JSON.parse(RestClient.get('https://api.github.com/user',
-                                            {:params => {:access_token => access_token},
-                                             :accept => :json}))
+    begin
+      auth_result = RestClient.get('https://api.github.com/user',
+                                   {:params => {:access_token => access_token},
+                                    :accept => :json})
+    rescue => e
+      # request didn't succeed because the token was revoked so we
+      # invalidate the token stored in the session and render the
+      # index page so that the user can start the OAuth flow again
 
-    if has_user_email_scope
+      session[:access_token] = nil
+      return authenticate!
+    end
+
+    # the request succeeded, so we check the list of current scopes
+    if auth_result.headers.include? :x_oauth_scopes
+      scopes = auth_result.headers[:x_oauth_scopes].split(', ')
+    end
+
+    auth_result = JSON.parse(auth_result)
+
+    if scopes.include? 'user:email'
       auth_result['private_emails'] =
         JSON.parse(RestClient.get('https://api.github.com/user/emails',
-                                  {:params => {:access_token => access_token},
-                                   :accept => :json}))
+                       {:params => {:access_token => access_token},
+                        :accept => :json}))
     end
 
     erb :advanced, :locals => auth_result
@@ -55,7 +70,6 @@ def authenticate!
                            :accept => :json)
 
   session[:access_token] = JSON.parse(result)['access_token']
-  session[:scopes] = JSON.parse(result)['scope'].split(',')
 
   redirect '/'
 end