-
-
Notifications
You must be signed in to change notification settings - Fork 1.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add support for dynamic scopes #1739
Conversation
3287cfb
to
af40ef9
Compare
@nbulaj What do you think of this pull request? Also I'm not sure how best to fix the Code Climate errors. I tried to disable the
|
+1 |
We're long time users of Doorkeeper and having the ability to use dynamic scopes in Doorkeeper would be very helpful to the projects we have planned. 😄 Are there any plans to merge this and include it in the gem? |
hey @stanhu 👋 Sounds interesting, but I wasn't able to find some RFC. So it looks like a custom addition to the spec. Do we have any docs to reference? Except keycloack 😄 |
@nbulaj I don't think there is a spec governing how scopes are handled; I think that is an application-specific decision. I will keep looking. |
As https://datatracker.ietf.org/doc/html/rfc6749#page-23 mentions:
RabbitMQ, for example, supports wildcard OAuth2 scopes: https://www.rabbitmq.com/docs/oauth2#scope-translation |
Anyway I like it 👍 |
I see tests failing but seems to be related to something else 🤔 Looks like something change in Rails |
The tests are failing due to https://github.com/doorkeeper-gem/doorkeeper//commit/b4bd6803147934d41d0d19642ef8e97d48984090. Rails is showing the exception because rails/rails#45867 deprecated |
#1742 fixes the broken Rails tests. |
Can we rebase now @stanhu ? Above one is merged now 🙇 |
This commit adds support for dynamic scopes, which are disabled by default. As discussed in keycloak/keycloak#8486, a dynamic scope notation is in the form: <static-part>:<variable-part> The objective of this feature is to have a static part of the scope that represents an entity and a variable part that identifies the entity. For example, a scope of `user:1` could be interpreted as allowing access to perform actions of user 1. A wildcard (`*`) is allowed in the variable part, such as `user:*`. This scope allows the request to perform actions as any users. Dynamic scopes can be enabled via: ```ruby Doorkeeper.configure do enable_dynamic_scopes end ``` A custom delimiter can also be configured: ```ruby Doorkeeper.configure do enable_dynamic_scopes(delimiter: '-') end ``` Relates to doorkeeper-gem#431
af40ef9
to
6c06b02
Compare
@nbulaj Done, thanks! |
Code Climate is flagging this file because it has more than 20 methods.
4cc08ce
to
ba5b258
Compare
@nbulaj Friendly ping: could you take a look at this pull request? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Just checked, awesome work, LGTM 👍
Can we please add a changelog entry? 🙏 |
@nbulaj Done! |
@nbulaj Thank you for the merge! Would you mind tagging a new release? |
Will review rest of the opened MRs tomorrow and yes, will prepare a release. Maybe more can be included as well |
I wonder if we could support nested scopes in a similar way? e.g., |
This commit adds support for dynamic scopes, which are disabled by default.
As discussed in keycloak/keycloak#8486, a dynamic scope notation is in the form:
The objective of this feature is to have a static part of the scope that represents an entity and a variable part that identifies the entity.
For example, a scope of
user:1
could be interpreted as allowing access to perform actions of user 1. A wildcard (*
) is allowed in the variable part, such asuser:*
. This scope allows the request to perform actions as any users.Dynamic scopes can be enabled via:
A custom delimiter can also be configured:
Relates to #431