Added ability to specify a permission scope to SkyAuthHttp

[Blackbaud-PaulCrowder]

No description provided.

[codecov-io]

Codecov Report

Merging #245 into master will not change coverage.
The diff coverage is 100%.

@@          Coverage Diff          @@
##           master   #245   +/-   ##
=====================================
  Coverage     100%   100%           
=====================================
  Files          54     54           
  Lines        1241   1249    +8     
  Branches      183    184    +1     
=====================================
+ Hits         1241   1249    +8

Flag	Coverage Δ
#builder	100% <ø> (ø)	⬆️
#runtime	100% <100%> (ø)	⬆️
#srcapp	100% <ø> (ø)	⬆️

Impacted Files	Coverage Δ
runtime/auth-token-provider.ts	100% <100%> (ø)	⬆️
runtime/auth-http.ts	100% <100%> (ø)	⬆️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update b647924...8e47811. Read the comment docs.

[Blackbaud-SteveBrush]

I'm assuming if multiple scopes were needed, we could pass in a comma-separated string, .withScope('id,first_name,last_name'), for example. It would then be the responsibility of the backend service to parse the scopes appropriately?

[Blackbaud-PaulCrowder]

When SKY UX worked with the permissions and auth teams on defining permission scopes, we decided we would not support accepting multiple permission scopes when retrieving a token. If a caller needs more permissions than an existing permission scope already contains, they will need to register a new permission scope with the permissions service.

[Blackbaud-SteveBrush]

I like this; prevents the scope from being applied to all subsequent requests.

[Blackbaud-SteveBrush]

Looks good!