From a80c5e6d85a4a5f9c1a18c97c8b01f82306516ef Mon Sep 17 00:00:00 2001
From: Chris R <Tratcher@outlook.com>
Date: Wed, 27 Jan 2016 14:44:18 -0800
Subject: [PATCH] #614 Standardize the pattern for scope defaults.

---
 samples/SocialSample/Startup.cs                        |  6 +++---
 .../GoogleMiddleware.cs                                | 10 ----------
 .../GoogleOptions.cs                                   |  3 +++
 .../MicrosoftAccountMiddleware.cs                      |  7 -------
 .../MicrosoftAccountOptions.cs                         |  1 +
 5 files changed, 7 insertions(+), 20 deletions(-)

diff --git a/samples/SocialSample/Startup.cs b/samples/SocialSample/Startup.cs
index e959943798..8e6cd1768f 100644
--- a/samples/SocialSample/Startup.cs
+++ b/samples/SocialSample/Startup.cs
@@ -133,18 +133,18 @@ namespace CookieSample
             The MicrosoftAccount service has restrictions that prevent the use of http://localhost:54540/ for test applications.
             As such, here is how to change this sample to uses http://mssecsample.localhost.this:54540/ instead.
 
-            Edit the Project.json file and replace http://localhost:54540/ with http://mssecsample.localhost.this:54540/.
+            Edit the hosting.json file and add "server.urls": "http://mssecsample.localhost.this:54540/".
 
             From an admin command console first enter:
              notepad C:\Windows\System32\drivers\etc\hosts
             and add this to the file, save, and exit (and reboot?):
              127.0.0.1 MsSecSample.localhost.this
 
-            Then you can choose to run the app as admin (see below) or add the following ACL as admin:
+            [WebListener] Then you can choose to run the app as admin (see below) or add the following ACL as admin:
              netsh http add urlacl url=http://mssecsample.localhost.this:54540/ user=[domain\user]
 
             The sample app can then be run via:
-             dnx . web
+             dnx web
             */
             app.UseOAuthAuthentication(new OAuthOptions
             {
diff --git a/src/Microsoft.AspNetCore.Authentication.Google/GoogleMiddleware.cs b/src/Microsoft.AspNetCore.Authentication.Google/GoogleMiddleware.cs
index 565d89b0cf..f81497f26a 100644
--- a/src/Microsoft.AspNetCore.Authentication.Google/GoogleMiddleware.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Google/GoogleMiddleware.cs
@@ -67,16 +67,6 @@ namespace Microsoft.AspNetCore.Authentication.Google
             {
                 throw new ArgumentNullException(nameof(options));
             }
-
-            if (Options.Scope.Count == 0)
-            {
-                // Google OAuth 2.0 asks for non-empty scope. If user didn't set it, set default scope to 
-                // "openid profile email" to get basic user information.
-                // TODO: Should we just add these by default when we create the Options?
-                Options.Scope.Add("openid");
-                Options.Scope.Add("profile");
-                Options.Scope.Add("email");
-            }
         }
 
         /// <summary>
diff --git a/src/Microsoft.AspNetCore.Authentication.Google/GoogleOptions.cs b/src/Microsoft.AspNetCore.Authentication.Google/GoogleOptions.cs
index 208d710650..3d93b96ea8 100644
--- a/src/Microsoft.AspNetCore.Authentication.Google/GoogleOptions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.Google/GoogleOptions.cs
@@ -22,6 +22,9 @@ namespace Microsoft.AspNetCore.Builder
             AuthorizationEndpoint = GoogleDefaults.AuthorizationEndpoint;
             TokenEndpoint = GoogleDefaults.TokenEndpoint;
             UserInformationEndpoint = GoogleDefaults.UserInformationEndpoint;
+            Scope.Add("openid");
+            Scope.Add("profile");
+            Scope.Add("email");
         }
 
         /// <summary>
diff --git a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountMiddleware.cs b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountMiddleware.cs
index 8daa9b2add..e7ba9f8117 100644
--- a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountMiddleware.cs
+++ b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountMiddleware.cs
@@ -65,13 +65,6 @@ namespace Microsoft.AspNetCore.Authentication.MicrosoftAccount
             {
                 throw new ArgumentNullException(nameof(options));
             }
-
-            if (Options.Scope.Count == 0)
-            {
-                // LiveID requires a scope string, so if the user didn't set one we go for the least possible.
-                // TODO: Should we just add these by default when we create the Options?
-                Options.Scope.Add("wl.basic");
-            }
         }
 
         /// <summary>
diff --git a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountOptions.cs b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountOptions.cs
index 7adfa57057..2783bcef1f 100644
--- a/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountOptions.cs
+++ b/src/Microsoft.AspNetCore.Authentication.MicrosoftAccount/MicrosoftAccountOptions.cs
@@ -22,6 +22,7 @@ namespace Microsoft.AspNetCore.Builder
             AuthorizationEndpoint = MicrosoftAccountDefaults.AuthorizationEndpoint;
             TokenEndpoint = MicrosoftAccountDefaults.TokenEndpoint;
             UserInformationEndpoint = MicrosoftAccountDefaults.UserInformationEndpoint;
+            Scope.Add("wl.basic");
         }
     }
 }