From 73f8ded761f64f52481bbf3b52a86d61fd73a60d Mon Sep 17 00:00:00 2001
From: Jason McBrayer <jmcbray@carcosa.net>
Date: Mon, 27 Aug 2018 10:53:35 -0400
Subject: [PATCH] Also only ask for specific scopes on login, not just client
 creation

---
 brutaldon/views.py | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/brutaldon/views.py b/brutaldon/views.py
index 41e3bf8..276ffd8 100644
--- a/brutaldon/views.py
+++ b/brutaldon/views.py
@@ -214,7 +214,8 @@ def oauth_callback(request):
                         api_base_url=request.session['instance'])
     redirect_uri = request.build_absolute_uri(reverse('oauth_callback'))
     access_token = mastodon.log_in(code=code,
-                                   redirect_uri=redirect_uri)
+                                   redirect_uri=redirect_uri,
+                                   scopes=['read', 'write', 'follow'])
     request.session['access_token'] = access_token
     user = mastodon.account_verify_credentials()
     request.session['user'] = user
@@ -267,7 +268,8 @@ def old_login(request):
                     client = client)
             try:
                 access_token = mastodon.log_in(username,
-                                               password)
+                                               password,
+                                               scopes=['read', 'write', 'follow'])
                 account.access_token = access_token
                 account.save()
                 request.session['username'] = username