I wish to auto-authorize some trusted apps for our Rails API with Doorkeeper:
```ruby
# Skip Authorization for trusted clients
Doorkeeper.configure do
  skip_authorization do |resource_owner, client|
    client.superapp? || resource_owner.admin?
  end
end
```
According to this comment, it is a concept that the app understands.
Should this be done using the client_id(s) whitelisting? How can I specify the list of superapp(s)? Thanks in advance!
Superapp is a concept that is supposed to be custom implemented.
Ref: https://github.com/doorkeeper-gem/doorkeeper/issues/488
The easiest way you could auto authorize a trusted app is if you use the trusted client's application id like below:
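```ruby
# config/initializers/doorkeeper.rb
Doorkeeper.configure do
  # Skip the consent screen only for the one trusted application.
  skip_authorization do |resource_owner, client|
    client.uid == "client application id goes here"
  end
end
```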
Perhaps you could also use scopes and make the client's scopes field 'trusted' (as far as I know, by going directly to the database).
But, I believe, scopes are not supposed to be used this way. They usually notify the resource_owner what type of client it is so that he/she can choose to authorize or not.
Ref: https://github.com/doorkeeper-gem/doorkeeper/wiki/Using-Scopes
I hope this helps! It would be nice if anyone has a better way of implementing this though.
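An added example, not part of the original answer or of Doorkeeper's own code: one way to implement the custom `superapp?` check as a fail-closed allowlist of client uids that runs without the gem. `Client`, `TrustedClients`, the `TRUSTED_CLIENT_UIDS` variable name, the `confidential` attribute on the stand-in and the sample uids are assumptions; only `uid` and the `skip_authorization` block signature come from the posts above.

```ruby
require "set"

# Stand-in for the client object handed to the skip_authorization block.
# `uid` appears in the answer above; `confidential` is an assumed attribute.
Client = Struct.new(:uid, :confidential, keyword_init: true)

# Hypothetical helper: an allowlist of trusted (first-party) client uids.
class TrustedClients
  # raw: comma-separated uids, e.g. ENV["TRUSTED_CLIENT_UIDS"] (assumed name).
  def initialize(raw)
    @uids = raw.to_s.split(",").map(&:strip).reject(&:empty?).to_set.freeze
  end

  # Fail closed: a missing client, a blank uid or a public client is never
  # trusted. A public client cannot keep a secret, so its uid alone proves nothing.
  def superapp?(client)
    return false if client.nil? || client.uid.to_s.empty?
    return false unless client.confidential == true

    @uids.include?(client.uid)
  end
end

# Constructed sample uids; stray spaces and empty entries are tolerated.
TRUSTED = TrustedClients.new("first-party-web, first-party-mobile,,")

# Same signature as the block given to skip_authorization; in a real
# initializer this body would sit inside that block.
SKIP_AUTHORIZATION = lambda do |_resource_owner, client|
  TRUSTED.superapp?(client)
end

def skip_consent?(owner, client)
  SKIP_AUTHORIZATION.call(owner, client)
end

if __FILE__ == $PROGRAM_NAME
  [
    Client.new(uid: "first-party-web", confidential: true),
    Client.new(uid: "first-party-web", confidential: false),
    Client.new(uid: "third-party", confidential: true)
  ].each do |c|
    puts "#{c.uid} confidential=#{c.confidential} skip=#{skip_consent?(nil, c)}"
  end
end
```

Keeping the uid list in configuration rather than in a database column that applications can influence means a newly registered third-party client cannot mark itself as trusted.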