Add a privileged scope that allows authorization to be skipped

diff --git a/config/initializers/doorkeeper.rb b/config/initializers/doorkeeper.rb
index 32156b8217e723f63dcdc439d229d33cef5f8c72..a96e6fd6c68ea28bdb39e7a9c4f34a0949f4dc38 100644 (file)
--- a/config/initializers/doorkeeper.rb
+++ b/config/initializers/doorkeeper.rb
@@ -419,10 +419,10 @@ Doorkeeper.configure do
   # Under some circumstances you might want to have applications auto-approved,
   # so that the user skips the authorization step.
   # For example if dealing with a trusted application.
-  #
-  # skip_authorization do |resource_owner, client|
-  #   client.superapp? or resource_owner.admin?
-  # end
+
+  skip_authorization do |_, client|
+    client.scopes.include?("skip_authorization")
+  end
 
   # Configure custom constraints for the Token Introspection request.
   # By default this configuration option allows to introspect a token by another

diff --git a/config/locales/en.yml b/config/locales/en.yml
index 89a869683193a3a04c328c142cc41840dff96076..9d280bf023eae12c41dc9238e5c90969fbd9dbc6 100644 (file)
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@@ -2343,6 +2343,7 @@ en:
       write_gpx: Upload GPS traces
       write_notes: Modify notes
       read_email: Read user email address
+      skip_authorization: Auto approve application
   oauth_clients:
     new:
       title: "Register a new application"

diff --git a/lib/oauth.rb b/lib/oauth.rb
index 07e54d85850c313390bec1c4a0c580f68912300e..7ff2ba8b4358428c04814a899d5e8563be0b971b 100644 (file)
--- a/lib/oauth.rb
+++ b/lib/oauth.rb
@@ -1,6 +1,6 @@
 module Oauth
   SCOPES = %w[read_prefs write_prefs write_diary write_api read_gpx write_gpx write_notes].freeze
-  PRIVILEGED_SCOPES = %w[read_email].freeze
+  PRIVILEGED_SCOPES = %w[read_email skip_authorization].freeze
 
   class Scope
     attr_reader :name