Unfloyded/Legamunt
0
0
Fork 0
Code Activity

Feature: Allow token introspection without read scope (#27142)

Browse source
This commit is contained in:
Emelia Smith 2023-10-18 14:10:07 +02:00 committed by GitHub
parent 4612576c68
commit 7c3fea7275
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 79 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

6
app/controllers/api/v1/apps/credentials_controller.rb
View file

@ -1,9 +1,9 @@
# frozen_string_literal: true
class Api::V1::Apps::CredentialsController < Api::BaseController
before_action -> { doorkeeper_authorize! :read }
def show
render json: doorkeeper_token.application, serializer: REST::ApplicationSerializer, fields: %i(name website vapid_key)
return doorkeeper_render_error unless valid_doorkeeper_token?
render json: doorkeeper_token.application, serializer: REST::ApplicationSerializer, fields: %i(name website vapid_key client_id scopes)
end
end