From b5b4bff42cc9785576465d4b6e467263466f95d0 Mon Sep 17 00:00:00 2001
From: Hugo Locurcio
Date: Mon, 28 Oct 2019 14:42:00 +0100
Subject: [PATCH] Only use the `read_user` scope for GitLab by default

- If the user created the application without checking any of the scope checkboxes, GitLab will implicitly check all the boxes when submitting the form. This can result in all scopes being granted to the application, which is very broad.
- If the user created the application with only the `read_user` scope being grantable to applications, Socialite will work correctly out of the box (without requiring the user to override the scopes being requested on the Laravel side).
This closes #402.
---
 src/Two/GitlabProvider.php | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/src/Two/GitlabProvider.php b/src/Two/GitlabProvider.php
index 22907b7b..0848ec66 100644
--- a/src/Two/GitlabProvider.php
+++ b/src/Two/GitlabProvider.php
@@ -4,6 +4,13 @@
 class GitlabProvider extends AbstractProvider implements ProviderInterface
 {
+ /**
+ * The scopes being requested.
+ *
+ * @var array
+ */
+ protected $scopes = ['read_user'];
+
 /**
 * {@inheritdoc}
 */
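Review bot: The docblock added above `protected $scopes = ['read_user'];` says only "The scopes being requested." and does not record why the default is this narrow, which is the security-relevant part of the change. I would extend it to something like `Defaults to the least-privileged scope; with no explicit scope GitLab may grant every scope enabled on the application.` so that a later edit does not widen it casually. This is also a behaviour change for existing integrations: code that used the returned token for more than reading the user profile will now receive a `read_user`-only token and has to request the additional scopes explicitly, which deserves an upgrade note. The class body continues outside the hunk, so I cannot see whether multiple scopes are joined with the separator GitLab expects once callers add more.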