Sagar Ranglani Sagar Ranglani - 2 years ago 154
Ruby Question

How to specify the list of superapp(s) for doorkeeper's skip_authorization block?

I wish to auto-autorize some trusted apps for our rails API with doorkeeper

# Skip Authorization for trusted clients
Doorkeeper.configure
skip_authorization do |resource_owner, client|
client.superapp? || resource_owner.admin?
end
end


According to this comment, it is a concept that app understands.

Should this be done using the client_id(s) whitelisting?
How can I specify the list of superapp(s)?
Thanks in advance!

Answer Source

Superapp is a concept that is supposed to be custom implemented.
Ref: https://github.com/doorkeeper-gem/doorkeeper/issues/488

The easiest way you could auto authorize a trusted app is if you use the trusted client's application id like below:

# config/initializers/doorkeeper.rb
  skip_authorization do |resource_owner, client|
    client.uid == "client application id goes here"
  end

Perhaps you could also use scopes and make the client's scopes field to be 'trusted' (As far as I know by directly going to the Database).

But, I believe, scopes are not supposed to be used this way. They usually notify the resource_owner what type of client it is so that he/she can choose to authorize or not.
Ref: https://github.com/doorkeeper-gem/doorkeeper/wiki/Using-Scopes

I hope this helps! It would be nice if anyone has a better way of implementing this though.

Recommended from our users: Dynamic Network Monitoring from WhatsUp Gold from IPSwitch. Free Download