[openstreetmap/openstreetmap-website] Add support for privileged OAuth 2 applications (#3300)
mmd
notifications at github.com
Fri Aug 27 16:44:34 UTC 2021
No, it's the same when I register a new app, clean up all cookies in Postman and authorize a user for the first time.
I believe, `client.scopes` in doorkeeper.rb refers to the application level scopes, which I have set when registering a new OAuth2 application.
```
skip_authorization do |_, client|
client.scopes.include?("skip_authorization")
end
```
In debug mode, I'm always seeing all three scopes, regardless of what I have specified in Postman when requesting a new access token:
```
>> client.scopes
=> #<Doorkeeper::OAuth::Scopes:0x00007f793029c218 @scopes=["read_prefs", "read_email", "skip_authorization"]>
```
My question here would be: which of those two should take precedence:
- the scopes used when registering the application, or
- the scopes provided when authorizing a user
As I mentioned, I would be ok with option 1. The advantage is that you don't have to specify the skip_authorization scope in Discourse.
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/openstreetmap/openstreetmap-website/pull/3300#issuecomment-907334173
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstreetmap.org/pipermail/rails-dev/attachments/20210827/d6208ddc/attachment.htm>
More information about the rails-dev
mailing list