You're correct that Spring Social doesn't support the "scope" parameter for OAuth 1.0a...that's because OAuth 1.0a doesn't officially support scoping of authorization. The "scope" parameter used by LinkedIn is a LinkedIn-specific extension to OAuth 1.0a.
Spring Social's OAuth1Template *does* support additional parameters via the fetchRequestToken() method. If you were working at the OAuth1Template level, then you'd simply send in the "scope" parameter in the additionalParameters map and you'd be set.
That said, ConnectController and ProviderSignInController do not take advantage of that and always pass null in for the additionalParameters method. It'd be nice if there were a way to specify the scope parameter, perhaps via a parameter to the request going into ConnectController--that is, ConnectController could copy any parameters coming into it via the request into the additionalParameters map that it send to fetchRequestToken() (which is actually called from ConnectSupport.java).
This sounds almost like the same problem as described in https://jira.springsource.org/browse/SOCIAL-306...but slightly different. SOCIAL-306 talks of sending those parameters on the authorization URL, but in your case you need them on the request token request.
If you don't mind, could you open an improvement issue in JIRA for your specific case (open in as part of the Spring Social main project, not part of Spring Social LinkedIn, since it's really a core problem). I'll look into correcting it at the same time I address SOCIAL-306.
Craig Walls
Spring Social Project Lead
Junior Member
Posting Permissions
Reply With Quote