Use OAuthScope.fulfills() instead of __eq__() to validate if token scopes are
applicable for webhook subscriptions.
---
srht/webhook/magic.py | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/srht/webhook/magic.py b/srht/webhook/magic.py
index b91c808..0fd7229 100644
--- a/srht/webhook/magic.py
+++ b/srht/webhook/magic.py
@@ -47,8 +47,10 @@ class _SubscriptionMixin:
except ValueError:
valid.expect(False,
f"Unsupported event type", field="events")
+ fulfills_scope = lambda req: any(scope.fulfills(req)
+ for scope in token.scopes)
valid.expect(OAuthScope.all in token.scopes or
- all(self._Webhook.event_scope[ev] in token.scopes
+ all(fulfills_scope(self._Webhook.event_scope[ev])
for ev in self.events),
"Permission denied - does your token have the appropriate scopes?")
if hasattr(self._Webhook, "__init__"):
--
2.22.0