# frozen_string_literal: true
# OAuth 2 provider settings (Doorkeeper).
#
# Summary of what this block enables: the authorization-code flow with refresh
# tokens, S256 PKCE, a single `mcp` scope, one-hour access tokens, hashed token
# storage, and a consent screen on every authorization request.
Doorkeeper.configure do
  orm :active_record

  # Evaluated in the controller (Warden context), so Devise's `current_user`
  # is available. Returns the signed-in user, or nil after sending the visitor
  # to the Devise sign-in page.
  resource_owner_authenticator do
    user = current_user

    unless user
      # `request.fullpath` is path + query string only (no scheme or host), so
      # the location remembered for the post-login redirect stays on this site.
      session[:user_return_to] = request.fullpath
      redirect_to(main_app.new_user_session_url)
    end

    user
  end

  # The Resource Owner Password Credentials grant is not offered: it is absent
  # from grant_flows below, and this resolver never yields a resource owner.
  resource_owner_from_credentials { nil }

  # Doorkeeper's HTML controllers are built on this class; it has to be a
  # full HTML controller for the consent view to render. Filters declared on
  # ApplicationController therefore run for those controllers as well.
  base_controller 'ApplicationController'

  # Only these two flows are enabled; no other grant type is listed.
  grant_flows ['authorization_code', 'refresh_token']

  # PKCE: only the S256 challenge method is accepted (`plain` is not listed),
  # and PKCE is mandatory for non-confidential (public) clients.
  pkce_code_challenge_methods ['S256']
  force_pkce

  # `mcp` is both the default and the only optional scope, so it is the only
  # scope a client can request.
  default_scopes :mcp
  optional_scopes :mcp

  # Short-lived access tokens, renewed through refresh tokens.
  # NOTE(review): no refresh-token lifetime or rotation policy is set in this
  # block - confirm the resulting behaviour matches the session policy.
  access_token_expires_in 1.hour
  use_refresh_token

  # Store access-token and refresh-token secrets as SHA-256 hashes, so the
  # database does not hold the token values themselves.
  # NOTE(review): this covers tokens only. Client (application) secrets are
  # controlled by the separate `hash_application_secrets` option, which is not
  # set here - confirm whether confidential clients are in use.
  hash_token_secrets using: '::Doorkeeper::SecretStoring::Sha256Hash'

  # Never skip the consent screen, including for previously authorized clients.
  skip_authorization { false }
end
# ApplicationController turns on CanCan's `check_authorization`, and Doorkeeper's
# own controllers inherit from it. They have no CanCan subjects, so they are
# exempted from that check here.
#
# Security note: for the controllers listed below CanCan's "authorization was
# not performed" safety net is switched off; access control on them rests on
# Doorkeeper's own authentication of the resource owner and the client. Keep
# the list limited to Doorkeeper controllers.
#
# Runs in `to_prepare`, so the exemption is re-applied whenever classes reload.
Rails.application.config.to_prepare do
  doorkeeper_controllers = [
    'Doorkeeper::AuthorizationsController',
    'Doorkeeper::TokensController',
    'Doorkeeper::TokenInfoController',
    'Doorkeeper::AuthorizedApplicationsController'
  ]

  doorkeeper_controllers.each do |controller_name|
    # nil when the constant cannot be resolved (e.g. renamed in a gem upgrade).
    controller = controller_name.safe_constantize

    # Covers both a missing class (nil does not respond to the macro) and a
    # class that does not expose the CanCan macro, for instance one that does
    # not descend from ApplicationController. In either case nothing is
    # exempted, so any CanCan check on that controller stays in force.
    next unless controller.respond_to?(:skip_authorization_check)

    controller.skip_authorization_check
  end
end