Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Doorkeeper limit application scopes

I have a doorkeeper provider and I need to add some scopes that not all apps can use. I want to limit the scopes a token can ask for, to the scopes than an application has access to.

So for example, application A is an app that has "access" to the xyz and abc scopes, but application B can only "access" the scope abc.

All access tokens from application B might require the abc scope but could not ask for scope xyz. Access tokens from application A might have any (or both) of those scopes.

Is there any way to prevent application B from requesting scope xyz? Or how would you implement this?

Thanks a lot!

like image 998
Hock Avatar asked Nov 02 '22 11:11

Hock


1 Answers

No, there's not a particularly clean way of doing this right now within Doorkeeper.

It has been discussed in this issue, and there are two potential patches proposed here and here. Hopefully one of those makes it into the gem. If you need this feature urgently, people have also provided several monkey-patching solutions in the comments of those issues.

like image 111
Ian Greenleaf Young Avatar answered Nov 13 '22 17:11

Ian Greenleaf Young