0

I want to allow users to select scopes from a checkbox list. I've setup the form like so:

  <%= f.label :scopes, class: 'col-sm-2 control-label' %>
    <% Doorkeeper.configuration.scopes.each do |scope| %>
      <%= check_box_tag("doorkeeper_application[scopes][#{scope}]", scope, @application.scopes.include?(scope)) %>
      <%= scope %><br>
    <% end %>
  <% end %>

which produces

image

doorkeeper_application[scopes] is accepted by Oauth::ApplicationsController. While users should be able to select multiple scopes, parameters like doorkeeper_application[scopes][foo] are not accepted.

What's the best practice for passing these params to the controller? Or is there a better practice to achieve checkboxed scopes in Doorkeeper?

sawa
  • 165,429
  • 45
  • 277
  • 381
Gregology
  • 1,625
  • 2
  • 18
  • 32

3 Answers3

2

According to the OAuth2 specification, multiple scopes should be joined by space characters. So you should get the names of the checked scopes from params, join them with a space " ", and assign that single value as the doorkeeper_application[scopes] value.

sawa
  • 165,429
  • 45
  • 277
  • 381
  • 1
    Thanks, I opened up checkbox_scopes with `params.require(:doorkeeper_application).permit(:name, :redirect_uri, :scopes, checkbox_scopes: [Doorkeeper.configuration.scopes.to_a])` and then converted the params with `params['scopes'] = params[:checkbox_scopes].nil? ? '' : params[:checkbox_scopes].keys.join(" ")` – Gregology May 21 '18 at 14:52
1

Generally I would recommend using form helpers for this task, because this way rails is able to work its magic and you dont have to deal with the names of the input fields.

I am not familiar with Doorkeeper but I assume the scopes are saved in a table in your database. In this case you should be able to define a has_and_belongs_to_many :scopes relationship on the model the form belongs to.

After that you can generate a checkbox_collection as seen in the answer to this question.

HolySeven
  • 41
  • 7
  • Thanks for the suggestion, as mentioned in Sawa's answer, the scopes are stored as a string with spaces. I wasn't aware that it was an OAuth2 specification – Gregology May 21 '18 at 14:53
1

Starting from version 5.1.0rc2 Doorkeeper support's it out of the box by automatically converting arrays to whitespace-separated scope string. See https://github.com/doorkeeper-gem/doorkeeper/pull/1214 for more details.

For versions above 5.1.0rc2 you need to patch Scopes concern by your-self or pre-process user input params.

Nikita Bulai
  • 66
  • 3