[openstreetmap/openstreetmap-website] Add support for privileged OAuth 2 applications (#3300)

Tom Hughes notifications at github.com
Tue Aug 24 18:35:46 UTC 2021


This adds a general concept of OAuth 2 scopes that are only available to applications created by administrators and which grant special privileges. It further adds two such scopes:

* `skip_authorization` which allows the application to be automatically authorised without asking the user to confirm the authorisation
* `read_email` which allows the application to receive the user's registered email address as part of a user details API response

The ultimate goal is to support single sign-on for other openstreetmap.org services and specifically for the https://community.openstreetmap.org/ Discourse instance by allowing authentication without a confirmation screen and also allowing access to email addresses.

You can view, comment on, or merge this pull request online at:

  https://github.com/openstreetmap/openstreetmap-website/pull/3300

-- Commit Summary --

  * Introduce privileged scopes that only an administrator can enable
  * Add a privileged scope that allows email addresses to be returned
  * Add a privileged scope that allows authorization to be skipped
  * Check that use of privileged scopes is restricted to administrators
  * Check that user email address are only returned with read_email

-- File Changes --

    M app/controllers/application_controller.rb (6)
    M app/controllers/oauth2_applications_controller.rb (4)
    A app/models/oauth2_application.rb (11)
    M app/views/api/users/_user.json.jbuilder (2)
    M app/views/api/users/_user.xml.builder (1)
    M app/views/oauth2_applications/_form.html.erb (2)
    M config/initializers/doorkeeper.rb (12)
    M config/locales/en.yml (2)
    M lib/oauth.rb (7)
    M test/controllers/api/users_controller_test.rb (147)
    M test/controllers/oauth2_applications_controller_test.rb (52)
    M test/factories/oauth_applications.rb (2)

-- Patch Links --

https://github.com/openstreetmap/openstreetmap-website/pull/3300.patch
https://github.com/openstreetmap/openstreetmap-website/pull/3300.diff
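
The checks the description and commit summary name, sketched as an added example that is not part of the original message or the pull request's code. All method, constant and struct names are hypothetical, and the users and public scope list are constructed sample values.

```ruby
# Added illustration: every name here is hypothetical, not from the pull request.
PRIVILEGED_SCOPES = %w[skip_authorization read_email].freeze
PUBLIC_SCOPES = %w[read_prefs write_api].freeze # constructed sample values

User = Struct.new(:name, :email, :administrator)
App = Struct.new(:owner, :scopes)

# Scopes an owner may enable: privileged ones only for administrators.
def permitted_scopes(owner)
  owner.administrator ? PUBLIC_SCOPES + PRIVILEGED_SCOPES : PUBLIC_SCOPES
end

# Enforce the restriction server-side at registration, whatever the form offered.
def register_application(owner, requested)
  denied = requested - permitted_scopes(owner)
  raise ArgumentError, "scopes not permitted: #{denied.join(', ')}" unless denied.empty?

  App.new(owner, requested.dup.freeze)
end

# A grant can never carry a scope the application itself was not registered with.
def grant_scopes(app, requested)
  extra = requested - app.scopes
  raise ArgumentError, "invalid scope: #{extra.join(', ')}" unless extra.empty?

  requested
end

# The confirmation screen is skipped only for applications holding skip_authorization.
def consent_required?(app)
  !app.scopes.include?("skip_authorization")
end

# User details response: the email address appears only when the token has read_email.
def user_details(user, token_scopes)
  details = { "display_name" => user.name }
  details["email"] = user.email if token_scopes.include?("read_email")
  details
end

if __FILE__ == $PROGRAM_NAME
  admin = User.new("admin", "admin@example.org", true) # constructed users
  mapper = User.new("mapper", "mapper@example.org", false)
  sso = register_application(admin, %w[skip_authorization read_email])
  puts consent_required?(sso)
  puts user_details(mapper, grant_scopes(sso, %w[read_email]))
end
```
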
