X-Git-Url: https://git.openstreetmap.org./rails.git/blobdiff_plain/6c6e8883f703efe8e05d893a94c169ac90733d42..aca9bd205e78ac5f5d37489b2583817c178a6f8e:/config/initializers/doorkeeper.rb?ds=sidebyside diff --git a/config/initializers/doorkeeper.rb b/config/initializers/doorkeeper.rb index 32156b821..a2df9167f 100644 --- a/config/initializers/doorkeeper.rb +++ b/config/initializers/doorkeeper.rb @@ -1,5 +1,7 @@ # frozen_string_literal: true +require_relative "../../lib/oauth" + Doorkeeper.configure do # Change the ORM that doorkeeper will use (requires ORM extensions installed). # Check the list of supported ORMs here: https://github.com/doorkeeper-gem/doorkeeper#orms @@ -48,7 +50,7 @@ Doorkeeper.configure do # end # end - application_class "Oauth2Application" + application_class "Oauth2Application" unless Settings.status == "database_offline" # Enables polymorphic Resource Owner association for Access Tokens and Access Grants. # By default this option is disabled. @@ -419,10 +421,10 @@ Doorkeeper.configure do # Under some circumstances you might want to have applications auto-approved, # so that the user skips the authorization step. # For example if dealing with a trusted application. - # - # skip_authorization do |resource_owner, client| - # client.superapp? or resource_owner.admin? - # end + + skip_authorization do |_, client| + client.scopes.include?("skip_authorization") + end # Configure custom constraints for the Token Introspection request. # By default this configuration option allows to introspect a token by another