Follow up - b9b3a73474
- Fixes #3085 - Required Doorkeeper scope is missing and fails authentication.
parent
767239733c
commit
9ef0a368c0
3 changed files with 36 additions and 11 deletions
|
@ -7,7 +7,7 @@ Doorkeeper.configure do
|
||||||
# fail "Please configure doorkeeper resource_owner_authenticator block located in #{__FILE__}"
|
# fail "Please configure doorkeeper resource_owner_authenticator block located in #{__FILE__}"
|
||||||
# Put your resource owner authentication logic here.
|
# Put your resource owner authentication logic here.
|
||||||
# Example implementation:
|
# Example implementation:
|
||||||
User.find_by(id: session[:user_id]) || redirect_to(new_user_session_url)
|
User.find_by(id: session[:user_id]) || redirect_to(root_path)
|
||||||
end
|
end
|
||||||
|
|
||||||
# If you want to restrict access to the web interface for adding oauth authorized applications, you need to declare the block below.
|
# If you want to restrict access to the web interface for adding oauth authorized applications, you need to declare the block below.
|
||||||
|
@ -54,7 +54,7 @@ Doorkeeper.configure do
|
||||||
# Define access token scopes for your provider
|
# Define access token scopes for your provider
|
||||||
# For more information go to
|
# For more information go to
|
||||||
# https://github.com/doorkeeper-gem/doorkeeper/wiki/Using-Scopes
|
# https://github.com/doorkeeper-gem/doorkeeper/wiki/Using-Scopes
|
||||||
# default_scopes :public
|
default_scopes :full
|
||||||
# optional_scopes :write, :update
|
# optional_scopes :write, :update
|
||||||
|
|
||||||
# Change the way client credentials are retrieved from the request object.
|
# Change the way client credentials are retrieved from the request object.
|
||||||
|
|
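Review bot: `default_scopes :full` in the second hunk means every authorization request that omits the `scope` parameter is issued the `full` scope, and with `optional_scopes` still commented out a client has no narrower scope to ask for. The page does not show what `full` authorizes on the API side, so this is a least-privilege concern to confirm rather than a demonstrated flaw; the +/- markers are also lost here, and the second copy of each changed line is read as the new side. I would at least record the decision next to the setting, e.g. `# :full is granted to every request that omits scope; narrow the default once finer-grained scopes are defined.` The `Doorkeeper.configure do` block starts and ends outside both hunks.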
|
@ -11,8 +11,12 @@ en:
|
||||||
redirect_uri:
|
redirect_uri:
|
||||||
fragment_present: 'cannot contain a fragment.'
|
fragment_present: 'cannot contain a fragment.'
|
||||||
invalid_uri: 'must be a valid URI.'
|
invalid_uri: 'must be a valid URI.'
|
||||||
|
unspecified_scheme: 'must specify a scheme.'
|
||||||
relative_uri: 'must be an absolute URI.'
|
relative_uri: 'must be an absolute URI.'
|
||||||
secured_uri: 'must be an HTTPS/SSL URI.'
|
secured_uri: 'must be an HTTPS/SSL URI.'
|
||||||
|
forbidden_uri: 'is forbidden by the server.'
|
||||||
|
scopes:
|
||||||
|
not_match_configured: "doesn't match configured on the server."
|
||||||
|
|
||||||
doorkeeper:
|
doorkeeper:
|
||||||
applications:
|
applications:
|
||||||
|
@ -27,8 +31,9 @@ en:
|
||||||
form:
|
form:
|
||||||
error: 'Whoops! Check your form for possible errors'
|
error: 'Whoops! Check your form for possible errors'
|
||||||
help:
|
help:
|
||||||
|
confidential: 'Application will be used where the client secret can be kept confidential. Native mobile apps and Single Page Apps are considered non-confidential.'
|
||||||
redirect_uri: 'Use one line per URI'
|
redirect_uri: 'Use one line per URI'
|
||||||
native_redirect_uri: 'Use %{native_redirect_uri} for local tests'
|
blank_redirect_uri: "Leave it blank if you configured your provider to use Client Credentials, Resource Owner Password Credentials or any other grant type that doesn't require redirect URI."
|
||||||
scopes: 'Separate scopes with spaces. Leave blank to use the default scopes.'
|
scopes: 'Separate scopes with spaces. Leave blank to use the default scopes.'
|
||||||
edit:
|
edit:
|
||||||
title: 'Edit application'
|
title: 'Edit application'
|
||||||
|
@ -37,13 +42,19 @@ en:
|
||||||
new: 'New Application'
|
new: 'New Application'
|
||||||
name: 'Name'
|
name: 'Name'
|
||||||
callback_url: 'Callback URL'
|
callback_url: 'Callback URL'
|
||||||
|
confidential: 'Confidential?'
|
||||||
|
actions: 'Actions'
|
||||||
|
confidentiality:
|
||||||
|
'yes': 'Yes'
|
||||||
|
'no': 'No'
|
||||||
new:
|
new:
|
||||||
title: 'New Application'
|
title: 'New Application'
|
||||||
show:
|
show:
|
||||||
title: 'Application: %{name}'
|
title: 'Application: %{name}'
|
||||||
application_id: 'Application Id'
|
application_id: 'Application UID'
|
||||||
secret: 'Secret'
|
secret: 'Secret'
|
||||||
scopes: 'Scopes'
|
scopes: 'Scopes'
|
||||||
|
confidential: 'Confidential'
|
||||||
callback_urls: 'Callback urls'
|
callback_urls: 'Callback urls'
|
||||||
actions: 'Actions'
|
actions: 'Actions'
|
||||||
|
|
||||||
|
@ -71,20 +82,29 @@ en:
|
||||||
created_at: 'Created At'
|
created_at: 'Created At'
|
||||||
date_format: '%Y-%m-%d %H:%M:%S'
|
date_format: '%Y-%m-%d %H:%M:%S'
|
||||||
|
|
||||||
|
pre_authorization:
|
||||||
|
status: 'Pre-authorization'
|
||||||
|
|
||||||
errors:
|
errors:
|
||||||
messages:
|
messages:
|
||||||
# Common error messages
|
# Common error messages
|
||||||
invalid_request: 'The request is missing a required parameter, includes an unsupported parameter value, or is otherwise malformed.'
|
invalid_request:
|
||||||
invalid_redirect_uri: 'The redirect uri included is not valid.'
|
unknown: 'The request is missing a required parameter, includes an unsupported parameter value, or is otherwise malformed.'
|
||||||
|
missing_param: 'Missing required parameter: %{value}.'
|
||||||
|
not_support_pkce: 'Invalid code_verifier parameter. Server does not support pkce.'
|
||||||
|
request_not_authorized: 'Request need to be authorized. Required parameter for authorizing request is missing or invalid.'
|
||||||
|
invalid_redirect_uri: "The requested redirect uri is malformed or doesn't match client redirect URI."
|
||||||
unauthorized_client: 'The client is not authorized to perform this request using this method.'
|
unauthorized_client: 'The client is not authorized to perform this request using this method.'
|
||||||
access_denied: 'The resource owner or authorization server denied the request.'
|
access_denied: 'The resource owner or authorization server denied the request.'
|
||||||
invalid_scope: 'The requested scope is invalid, unknown, or malformed.'
|
invalid_scope: 'The requested scope is invalid, unknown, or malformed.'
|
||||||
|
invalid_code_challenge_method: 'The code challenge method must be plain or S256.'
|
||||||
server_error: 'The authorization server encountered an unexpected condition which prevented it from fulfilling the request.'
|
server_error: 'The authorization server encountered an unexpected condition which prevented it from fulfilling the request.'
|
||||||
temporarily_unavailable: 'The authorization server is currently unable to handle the request due to a temporary overloading or maintenance of the server.'
|
temporarily_unavailable: 'The authorization server is currently unable to handle the request due to a temporary overloading or maintenance of the server.'
|
||||||
|
|
||||||
#configuration error messages
|
# Configuration error messages
|
||||||
credential_flow_not_configured: 'Resource Owner Password Credentials flow failed due to Doorkeeper.configure.resource_owner_from_credentials being unconfigured.'
|
credential_flow_not_configured: 'Resource Owner Password Credentials flow failed due to Doorkeeper.configure.resource_owner_from_credentials being unconfigured.'
|
||||||
resource_owner_authenticator_not_configured: 'Resource Owner find failed due to Doorkeeper.configure.resource_owner_authenticator being unconfiged.'
|
resource_owner_authenticator_not_configured: 'Resource Owner find failed due to Doorkeeper.configure.resource_owner_authenticator being unconfigured.'
|
||||||
|
admin_authenticator_not_configured: 'Access to admin panel is forbidden due to Doorkeeper.configure.admin_authenticator being unconfigured.'
|
||||||
|
|
||||||
# Access grant errors
|
# Access grant errors
|
||||||
unsupported_response_type: 'The authorization server does not support this response type.'
|
unsupported_response_type: 'The authorization server does not support this response type.'
|
||||||
|
@ -94,13 +114,12 @@ en:
|
||||||
invalid_grant: 'The provided authorization grant is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client.'
|
invalid_grant: 'The provided authorization grant is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client.'
|
||||||
unsupported_grant_type: 'The authorization grant type is not supported by the authorization server.'
|
unsupported_grant_type: 'The authorization grant type is not supported by the authorization server.'
|
||||||
|
|
||||||
# Password Access token errors
|
|
||||||
invalid_resource_owner: 'The provided resource owner credentials are not valid, or resource owner cannot be found'
|
|
||||||
|
|
||||||
invalid_token:
|
invalid_token:
|
||||||
revoked: "The access token was revoked"
|
revoked: "The access token was revoked"
|
||||||
expired: "The access token expired"
|
expired: "The access token expired"
|
||||||
unknown: "The access token is invalid"
|
unknown: "The access token is invalid"
|
||||||
|
revoke:
|
||||||
|
unauthorized: "You are not authorized to revoke this token"
|
||||||
|
|
||||||
flash:
|
flash:
|
||||||
applications:
|
applications:
|
||||||
|
@ -116,6 +135,7 @@ en:
|
||||||
|
|
||||||
layouts:
|
layouts:
|
||||||
admin:
|
admin:
|
||||||
|
title: 'Doorkeeper'
|
||||||
nav:
|
nav:
|
||||||
oauth2_provider: 'OAuth2 Provider'
|
oauth2_provider: 'OAuth2 Provider'
|
||||||
applications: 'Applications'
|
applications: 'Applications'
|
||||||
|
|
|
@ -0,0 +1,5 @@
|
||||||
|
class Issue3085DoorkeeperScopes < ActiveRecord::Migration[5.2]
|
||||||
|
def change
|
||||||
|
Doorkeeper::AccessGrant.where(scopes: ['', nil]).update_all(scopes: 'full') # rubocop:disable Rails/SkipsModelValidations
|
||||||
|
end
|
||||||
|
end
|
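Review bot: The backfill only rewrites `Doorkeeper::AccessGrant` rows, so any already-issued `Doorkeeper::AccessToken` rows stored with a blank scope would keep failing the scope check this commit is meant to fix. Whether such tokens exist is not visible on this page; if they do, the same statement is needed for tokens: `Doorkeeper::AccessToken.where(scopes: ['', nil]).update_all(scopes: 'full')`. Because this assigns the broadest scope to existing credentials, it is worth confirming that every affected client is meant to hold `full`. Separately, `update_all` inside `def change` cannot be reversed and is executed again on rollback, so `def up` with an explicit empty `def down` states the intent more honestly.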