I have a doorkeeper provider and I need to add some scopes that not all apps can use. I want to limit the scopes a token can ask for, to the scopes than an application has access to.
So for example, application A is an app that has "access" to the xyz
and abc
scopes, but application B can only "access" the scope abc
.
All access tokens from application B might require the abc
scope but could not ask for scope xyz
. Access tokens from application A might have any (or both) of those scopes.
Is there any way to prevent application B from requesting scope xyz
? Or how would you implement this?
Thanks a lot!
No, there's not a particularly clean way of doing this right now within Doorkeeper.
It has been discussed in this issue, and there are two potential patches proposed here and here. Hopefully one of those makes it into the gem. If you need this feature urgently, people have also provided several monkey-patching solutions in the comments of those issues.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With