Support OAuth Scopes & Update Token Data Limits

[stratoghost]

This PR fixes missing OAuth scopes during the social auth redirect and widens token columns to handle long provider tokens.

Why

• Providers support a scopes setting, but we weren’t passing it on redirect. That breaks flows that need extra permissions.
• Some Socialite providers return tokens longer than 400 chars. We were truncating them.

What changed

Social auth

• SocialController@redirect: reads provider config and applies the configured scopes to the redirect.
• SocialProvider::getRows: if scopes is an array, store it as a comma-separated string.

Database

• token on social_provider_user → text. Down migrates to string(400).
  2025_08_03_213559_change_token_to_text_on_social_provider_users_table.php
• refresh_token on social_provider_user → text. Down migrates to string(191|400).
  2025_08_03_213701_change_refresh_token_to_text_on_social_provider_users_table.php

Controller update

• SocialController.php

Model update

• SocialProvider.php

Config example

// config/services.php
'vatsim' => [
    'name' => 'VATSIM',
    'scopes' => ['full_name', 'email', 'vatsim_details', 'country'],
    'parameters' => null,
    'stateless' => true,
    'active' => true,
    'socialite' => false,
    'svg' => '...',
    'client_id' => env('VATSIM_CLIENT_ID'),
    'client_secret' => env('VATSIM_CLIENT_SECRET'),
]

Testing

• ✅ PEST tests passing
• ⚠️ Dusk has some flaky cases from dev-main
• 🔄 Manual tests across multiple providers worked as expected

Migration notes

• Run migrations after deploy.
• Rolling back will cut tokens to 400 chars. Back up if that’s a concern.
• Clear config cache if you change scopes: php artisan config:clear

Impact

• No API changes.
• Existing configs with array scopes keep working. We store scopes as a comma-separated strings through Sushi.

Reason for the PR

I opened this for DevDojo Auth because scopes existed in provider setup, but the redirect ignored them. This applies the scopes and prevents token truncation seen with some custom Socialite providers.

[Copilot]

Pull Request Overview

This pull request enhances OAuth functionality by adding support for configurable scopes and increasing token storage capacity. The changes enable dynamic OAuth scope configuration per provider while expanding database storage limits for tokens.

• Database schema updates to change token columns from varchar to text for increased storage capacity
• OAuth scope support with dynamic configuration from provider settings
• Data handling improvements to convert scope arrays to comma-separated strings

Reviewed Changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated 1 comment.

File	Description
database/migrations/2025_08_03_213559_change_token_to_text_on_social_provider_users_table.php	Migration to change token column from string(400) to text type
database/migrations/2025_08_03_213701_change_refresh_token_to_text_on_social_provider_users_table.php	Migration to change refresh_token column from string to text type
src/Http/Controllers/SocialController.php	Added dynamic OAuth scope configuration in redirect method
src/Models/SocialProvider.php	Added logic to convert scope arrays to comma-separated strings

[msumdev]

Finally! Hopefully this gets merged soon.

[tnylea]

@stratoghost, thanks for the contribution. I'm looking it over and if the tests pass I can get this merged in real soon :)

Thanks!

[tnylea]

Hey @stratoghost,

It looks like the tests are failing, but that's not your fault. There was a change that was needed to get the pest and dusk tests to pass which I have merged here: #162.

Go ahead and merge main into your branch and that should solve the issue. Hit me up when you've done that and I can get this merged in and in the next release.

Appreciate it 🤘