doorkeeper
Scopes

Access Token Scopes

You can also require the access token to have specific scopes in certain actions:
First, configure the scopes in initializers/doorkeeper.rb:

```ruby
Doorkeeper.configure do
  default_scopes :public # if no scope was requested, this will be the default
  optional_scopes :admin, :write
end
```
And in your controllers:

```ruby
class Api::V1::ProductsController < Api::V1::ApiController
  before_action -> { doorkeeper_authorize! :public }, only: :index
  before_action only: [:create, :update, :destroy] do
    doorkeeper_authorize! :admin, :write
  end
end
```
Please note that there is a logical OR between multiple required scopes. In the above example, doorkeeper_authorize! :admin, :write means that the access token is required to have either :admin scope or :write scope, but does not need to have both of them.
If you want to require the access token to have multiple scopes at the same time, use multiple doorkeeper_authorize! calls, for example:

```ruby
class Api::V1::ProductsController < Api::V1::ApiController
  before_action -> { doorkeeper_authorize! :public }, only: :index
  before_action only: [:create, :update, :destroy] do
    doorkeeper_authorize! :admin
    doorkeeper_authorize! :write
  end
end
```
In the above example, a client can call the :create action only if its access token has both the :admin and :write scopes.
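
The difference between the two controller configurations above can be checked with a small decision matrix. This is an added example, not Doorkeeper's own code: it is a plain-Ruby model of the rule described on this page, and check_any_of, allowed?, decision_matrix and the sample tokens are hypothetical names and constructed data.

```ruby
# Added illustration: a plain-Ruby model of the scope rule described on this page.
# It does not call Doorkeeper; all method and constant names here are hypothetical.

# One doorkeeper_authorize!-style check: passes if the token carries
# at least one of the required scopes (logical OR).
def check_any_of(token_scopes, required)
  required.any? { |scope| token_scopes.include?(scope.to_s) }
end

# A before_action block with several checks: every check must pass,
# so listing one scope per check gives a logical AND.
def allowed?(token_scopes, checks)
  checks.all? { |required| check_any_of(token_scopes, required) }
end

# The two configurations from this page, written as lists of checks.
OR_POLICY  = [[:admin, :write]].freeze   # doorkeeper_authorize! :admin, :write
AND_POLICY = [[:admin], [:write]].freeze # doorkeeper_authorize! :admin, then :write

# Constructed sample tokens (scope strings as a token would carry them).
SAMPLE_TOKENS = {
  "public only"     => %w[public],
  "write only"      => %w[public write],
  "admin only"      => %w[public admin],
  "admin and write" => %w[public admin write]
}.freeze

# Evaluate every sample token against both policies.
def decision_matrix
  SAMPLE_TOKENS.to_h do |label, scopes|
    [label, { any_of: allowed?(scopes, OR_POLICY),
              all_of: allowed?(scopes, AND_POLICY) }]
  end
end

if __FILE__ == $PROGRAM_NAME
  decision_matrix.each do |label, result|
    puts format("%-16s single call: %-5s separate calls: %s",
                label, result[:any_of], result[:all_of])
  end
end
```

The rows that differ are the tokens holding only :write or only :admin: they pass the single-call form and are rejected by the separate-call form, which is the case to cover in request specs for :create, :update and :destroy.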