Add read:me OAuth 2.0 scope, allowing more limited access to user data (#29087)

2024-04-23 13:47:00 +02:00 · 2024-04-23 13:47:00 +02:00 · 049b159beb
commit 049b159beb
parent d754b15afb
4 changed files with 17 additions and 1 deletions
--- a/app/controllers/api/v1/accounts/credentials_controller.rb
+++ b/app/controllers/api/v1/accounts/credentials_controller.rb
@ -1,7 +1,7 @@
 # frozen_string_literal: true

 class Api::V1::Accounts::CredentialsController < Api::BaseController
-  before_action -> { doorkeeper_authorize! :read, :'read:accounts' }, except: [:update]
+  before_action -> { doorkeeper_authorize! :read, :'read:accounts', :'read:me' }, except: [:update]
  before_action -> { doorkeeper_authorize! :write, :'write:accounts' }, only: [:update]
  before_action :require_user!