You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Doorkeeper should enforce the scopes when creating/editing registered applications via /oauth/applications/new and /oauth/applications/123/edit.
Currently it is possible to enter nonexistent scopes (like "blahblah") when creating/editing an application, and those scopes will be used in the authorization step. When authorizing to the application, the /oauth/authorize page shows the untranslated scope names, and authorization succeeds. No error messages are displayed, other than the tooltip saying the scope is not translated.
In other words, there is not much purpose to the optional_scopes configuration, since those can be easily ignored/overridden when registering a new application. It seems to me that the default behavior should be to enforce each application's scopes are in either default_scopes or optional_scopes, during the application's create/update step.
The text was updated successfully, but these errors were encountered:
Followup to #896
Doorkeeper should enforce the scopes when creating/editing registered applications via
/oauth/applications/newand/oauth/applications/123/edit.Currently it is possible to enter nonexistent scopes (like "blahblah") when creating/editing an application, and those scopes will be used in the authorization step. When authorizing to the application, the
/oauth/authorizepage shows the untranslated scope names, and authorization succeeds. No error messages are displayed, other than the tooltip saying the scope is not translated.In other words, there is not much purpose to the
optional_scopesconfiguration, since those can be easily ignored/overridden when registering a new application. It seems to me that the default behavior should be to enforce each application's scopes are in eitherdefault_scopesoroptional_scopes, during the application's create/update step.The text was updated successfully, but these errors were encountered: