Patch up oauth implementation (#560)

2026-05-01 10:45:21 +00:00 · 2025-10-03 18:22:37 -04:00
parent 15744b3442
commit 5ae07f5643
10 changed files with 156 additions and 1 deletions
--- a/config/initializers/doorkeeper.rb
+++ b/config/initializers/doorkeeper.rb
@@ -3,6 +3,10 @@
 Doorkeeper.configure do
  base_controller "ApplicationController"

+  default_scopes "profile"
+  optional_scopes "read"
+  enforce_configured_scopes
+
  resource_owner_authenticator do
    current_user || redirect_to(minimal_login_path(continue: request.fullpath))
  end
@@ -20,4 +24,11 @@ Doorkeeper.configure do
  access_token_expires_in 16.years

  reuse_access_token
+
+  # Allow public clients (desktop/mobile apps) without client secrets
+  allow_blank_redirect_uri
+  skip_client_authentication_for_password_grant
+
+  # Enable PKCE for public clients
+  force_ssl_in_redirect_uri false
 end
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -154,8 +154,14 @@ Rails.application.routes.draw do
        get "heartbeats", to: "heartbeats#index"
      end

+      # oauth authenticated namespace
      namespace :authenticated do
        resources :me, only: [ :index ]
+        get "hours", to: "hours#index"
+        get "streak", to: "streak#show"
+        get "projects", to: "projects#index"
+        # get "projects/:name", to: "projects#show", constraints: { name: /.+/ }
+        get "heartbeats/latest", to: "heartbeats#latest"
      end
    end