Add a privileged scope that allows authorization to be skipped

[rails.git] / config / initializers / doorkeeper.rb

diff --git a/config/initializers/doorkeeper.rb b/config/initializers/doorkeeper.rb
index 32156b8217e723f63dcdc439d229d33cef5f8c72..a96e6fd6c68ea28bdb39e7a9c4f34a0949f4dc38 100644 (file)
--- a/config/initializers/doorkeeper.rb
+++ b/config/initializers/doorkeeper.rb
@@ -419,10 +419,10 @@ Doorkeeper.configure do
   # Under some circumstances you might want to have applications auto-approved,
   # so that the user skips the authorization step.
   # For example if dealing with a trusted application.
-  #
-  # skip_authorization do |resource_owner, client|
-  #   client.superapp? or resource_owner.admin?
-  # end
+
+  skip_authorization do |_, client|
+    client.scopes.include?("skip_authorization")
+  end
 
   # Configure custom constraints for the Token Introspection request.
   # By default this configuration option allows to introspect a token by another