fix(auth): map People service to contacts/directory scope prefixes

[anshul-garg27]

Summary

• Map the people service to contacts and directory scope prefixes so gws auth login -s people includes the required OAuth scopes
• Refactor map_service_to_scope_prefix → map_service_to_scope_prefixes to support services that map to multiple scope prefixes

Problem

The People API exposes scopes like contacts, contacts.readonly, contacts.other.readonly, and directory.readonly — none of which start with people. When users ran gws auth login -s people, zero scopes matched because the scope prefix mapper returned "people" verbatim, resulting in 403 Request had insufficient authentication scopes errors.

Solution

Service	Before	After
people	"people" (no match)	["contacts", "directory"]
sheets	"spreadsheets"	["spreadsheets"]
slides	"presentations"	["presentations"]
docs	"documents"	["documents"]
chat	"chat" (already worked)	["chat"] (verified by tests)

Test plan

• Added test: people service matches contacts, contacts.readonly, contacts.other.readonly, directory.readonly
• Added test: chat service matches chat.spaces, chat.messages
• Existing tests pass (drive, gmail prefix matching unchanged)
• Updated find_unmatched_services to use the new multi-prefix function

Closes #310
Closes #316

[changeset-bot]

🦋 Changeset detected

Latest commit: 26a4267

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 1 package

Name	Type
@googleworkspace/cli	Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

[gemini-code-assist]

Summary of Changes

Hello, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request resolves a critical authentication issue for the People API within the gws auth login command. Previously, the people service failed to correctly map to its associated OAuth scopes (contacts and directory), leading to 403 errors. The solution involved a significant refactoring of the scope prefix mapping function to allow a single service to be associated with multiple scope prefixes, thereby ensuring the correct authorization scopes are requested for the People API and other services.

Highlights

• Refactored Scope Prefix Mapping: The logic for mapping user-friendly service names to OAuth scope prefixes was refactored to support services that map to multiple prefixes, improving flexibility and accuracy.
• People API Scope Fix: The people service is now correctly mapped to contacts and directory scope prefixes, resolving authentication issues where gws auth login -s people previously failed to include the necessary OAuth scopes.
• Enhanced Test Coverage: New test cases were introduced to specifically verify the correct scope matching for the people and chat services, ensuring the new mapping logic functions as expected.

Changelog

• .changeset/fix-people-chat-scope-mapping.md
  • Added a new changeset file documenting the scope mapping fix.
• src/auth_commands.rs
  • Updated scope_matches_service to use the new map_service_to_scope_prefixes function, enabling support for multiple scope prefixes.
  • Renamed and refactored map_service_to_scope_prefix to map_service_to_scope_prefixes, changing its return type from a single string slice to a vector of string slices.
  • Added a specific mapping for the people service to contacts and directory scope prefixes.
  • Modified find_unmatched_services to leverage the updated multi-prefix mapping logic.
  • Introduced new unit tests to confirm correct scope matching for the people and chat services.

Activity

• Added tests to ensure the people service correctly matches contacts, contacts.readonly, contacts.other.readonly, and directory.readonly scopes.
• Added tests to verify the chat service matches chat.spaces and chat.messages scopes.
• Confirmed that all existing tests continue to pass.
• Updated the find_unmatched_services function to integrate with the new multi-prefix mapping.
• Closed issues people service does not request contacts OAuth scope during auth login #310 and Auth scope picker missing scopes for People, Chat, and other services #316, indicating resolution of related problems.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for GitHub and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Generative AI Prohibited Use Policy, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

The pull request effectively addresses the issue where the people service was not correctly mapping to its associated OAuth scope prefixes. The refactoring of map_service_to_scope_prefix to map_service_to_scope_prefixes to return a Vec<&str> is a sound approach to handle services that map to multiple prefixes. The changes are consistently applied in scope_matches_service and find_unmatched_services, and the addition of new test cases for people and chat services provides good coverage for the updated logic. The solution aligns well with the problem statement and improves the robustness of scope matching.