<p>This adds a general concept of OAuth 2 scopes that are only available to applications created by administrators and which grant special privileges. It further adds two such scopes:</p>
<ul>
<li><code>skip_authorization</code> which allows the application to be automatically authorised without asking the user to confirm the authorisation</li>
<li><code>read_email</code> which allows the application to receive the user's registered email address as part of a user details API response</li>
</ul>
<p>The ultimate goal is to support single sign-on for other openstreetmap.org services and specifically for the <a rel="nofollow" href="https://community.openstreetmap.org/">https://community.openstreetmap.org/</a> Discourse instance by allowing authentication without a confirmation screen and also allowing access to email addresses.</p>
<hr>
<h4>You can view, comment on, or merge this pull request online at:</h4>
<p> <a href='https://github.com/openstreetmap/openstreetmap-website/pull/3300'>https://github.com/openstreetmap/openstreetmap-website/pull/3300</a></p>
<h4>Commit Summary</h4>
<ul>
<li>Introduce privileged scopes that only an administrator can enable</li>
<li>Add a privileged scope that allows email addresses to be returned</li>
<li>Add a privileged scope that allows authorization to be skipped</li>
<li>Check that use of privileged scopes is restricted to administrators</li>
<li>Check that user email addresses are only returned with read_email</li>
</ul>
<h4>File Changes</h4>
<ul>
<li>
<strong>M</strong>
<a href="https://github.com/openstreetmap/openstreetmap-website/pull/3300/files#diff-766c34fd6533171eaf54300c153f89d6002c35c02cfc9c5b219251f85180ad07">app/controllers/application_controller.rb</a>
(6)
</li>
<li>
<strong>M</strong>
<a href="https://github.com/openstreetmap/openstreetmap-website/pull/3300/files#diff-6fb325fca5ad7a0cd7ce785091963714cde01a12aadee161adad49592f42e45a">app/controllers/oauth2_applications_controller.rb</a>
(4)
</li>
<li>
<strong>A</strong>
<a href="https://github.com/openstreetmap/openstreetmap-website/pull/3300/files#diff-af21f2a6890b9476fabf56a98f6af361a066162e95f47407abdea2d157713369">app/models/oauth2_application.rb</a>
(11)
</li>
<li>
<strong>M</strong>
<a href="https://github.com/openstreetmap/openstreetmap-website/pull/3300/files#diff-07e9f7ef663c6658db15fb1fde5202424107351588d49ec20b374081fd078846">app/views/api/users/_user.json.jbuilder</a>
(2)
</li>
<li>
<strong>M</strong>
<a href="https://github.com/openstreetmap/openstreetmap-website/pull/3300/files#diff-1fb81a6b5c364ca75b88b74fb22cd6d57eabd121dc5040f5f544a531686e4d4b">app/views/api/users/_user.xml.builder</a>
(1)
</li>
<li>
<strong>M</strong>
<a href="https://github.com/openstreetmap/openstreetmap-website/pull/3300/files#diff-a236bba5ea60795c2902cc0074b91644099de958cdd147a29f155cf0c9d9124d">app/views/oauth2_applications/_form.html.erb</a>
(2)
</li>
<li>
<strong>M</strong>
<a href="https://github.com/openstreetmap/openstreetmap-website/pull/3300/files#diff-c7fc4e057f18c41db72e3ab775f9871e6bee4d7e2b0aba1fdbfb2ea209dd2141">config/initializers/doorkeeper.rb</a>
(12)
</li>
<li>
<strong>M</strong>
<a href="https://github.com/openstreetmap/openstreetmap-website/pull/3300/files#diff-44438ce218f5287c58d0017f965d888715635d94280669896f75841fbd7b4cd7">config/locales/en.yml</a>
(2)
</li>
<li>
<strong>M</strong>
<a href="https://github.com/openstreetmap/openstreetmap-website/pull/3300/files#diff-373d9a0dc0a0811fb3fb744cfed277eb94abc4cbc3dac74ff66ab787a06766be">lib/oauth.rb</a>
(7)
</li>
<li>
<strong>M</strong>
<a href="https://github.com/openstreetmap/openstreetmap-website/pull/3300/files#diff-fa16feb2449d85c917bc2295eb0c38b60b48ec9415f160319d8b10b9f97ea0f7">test/controllers/api/users_controller_test.rb</a>
(147)
</li>
<li>
<strong>M</strong>
<a href="https://github.com/openstreetmap/openstreetmap-website/pull/3300/files#diff-48df02d8ae767051db91f12ae2e8ab059fafaf58cdbf8b11f874326d04cabf1d">test/controllers/oauth2_applications_controller_test.rb</a>
(52)
</li>
<li>
<strong>M</strong>
<a href="https://github.com/openstreetmap/openstreetmap-website/pull/3300/files#diff-665e91619ed8cc70a9e8b5b6c52c4f2862b739593b15aded79bd9b21ad41f5a2">test/factories/oauth_applications.rb</a>
(2)
</li>
</ul>
<h4>Patch Links:</h4>
<ul>
<li><a href='https://github.com/openstreetmap/openstreetmap-website/pull/3300.patch'>https://github.com/openstreetmap/openstreetmap-website/pull/3300.patch</a></li>
<li><a href='https://github.com/openstreetmap/openstreetmap-website/pull/3300.diff'>https://github.com/openstreetmap/openstreetmap-website/pull/3300.diff</a></li>
</ul>
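<p>An added sketch of the privileged-scope rule the description above lays out; it is not code from this pull request or from openstreetmap-website. The <code>App</code> and <code>User</code> structs, the helper names and the sample scope <code>read_prefs</code> are assumptions made for illustration; only <code>skip_authorization</code> and <code>read_email</code> come from the page.</p>

```ruby
# Added illustration, not the project's code: all class and method names are hypothetical.
require "set"

# The two privileged scopes named in the pull request description.
PRIVILEGED_SCOPES = Set["skip_authorization", "read_email"].freeze

# Minimal stand-ins for an OAuth 2 application record and a user record.
App  = Struct.new(:name, :owner_is_admin, :scopes)
User = Struct.new(:display_name, :email)

# Privileged scopes that this application must not hold because its
# owner is not an administrator. Empty for administrator-owned apps.
def rejected_scopes(app)
  return [] if app.owner_is_admin

  app.scopes.select { |scope| PRIVILEGED_SCOPES.include?(scope) }
end

# Scopes a token may actually carry: what was requested, limited to what
# the application holds legitimately. Checking again at token issue time
# means a record that bypassed form validation still gains nothing.
def effective_scopes(app, requested)
  requested & (app.scopes - rejected_scopes(app))
end

# The confirmation screen is skipped only for a legitimately held scope.
def skip_consent?(app)
  effective_scopes(app, app.scopes).include?("skip_authorization")
end

# User details response: the email field appears only with read_email.
def user_details(user, token_scopes)
  details = { "display_name" => user.display_name }
  details["email"] = user.email if token_scopes.include?("read_email")
  details
end

# Constructed sample data.
admin_app = App.new("community", true, %w[read_prefs skip_authorization read_email])
other_app = App.new("third-party", false, %w[read_prefs read_email])
mapper    = User.new("mapper", "mapper@example.invalid")

[admin_app, other_app].each do |app|
  scopes = effective_scopes(app, %w[read_prefs read_email])
  puts "#{app.name}: rejected=#{rejected_scopes(app)} " \
       "skip_consent=#{skip_consent?(app)} details=#{user_details(mapper, scopes)}"
end
```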