Description
Steps to reproduce
Create a client app that has read and write scopes:
#<OauthApplication:0x0000ffff8c614450 id: 1, name: "client_app_0", uid: "***", secret: "***", redirect_uri: "http://localhost:3001/oauth/callback", scopes: "read write", confidential: true, created_at: Thu, 25 Jul 2024 10:46:30.141147000 UTC +00:00, updated_at: Mon, 26 Aug 2024 15:53:34.834773000 UTC +00:00>
Do the standard doorkeeper.rb configuration, enabling refresh tokens (see below).
Create a client request of this form:
get '/auth' do
  settings.logger.info "received request for /auth path"
  redirect settings.client_external.auth_code.authorize_url(
    redirect_uri: REDIRECT_URI_EXTERNAL,
    scope: "read write"
  )
end
Expected behavior
The response to the client should have both an access token and a refresh token.
Actual behavior
Only an access token is returned.
If my client app requests a single scope, i.e. only requests the read scope or only requests the write scope, then the access token plus a refresh token is in the response.
But when the client requests both read and write scopes, then the access token is returned in the response, but the refresh token is not.
System configuration
Doorkeeper initializer:
# config/initializers/doorkeeper.rb
Doorkeeper.configure do
  # ...
  orm :active_record

  resource_owner_authenticator do
    if user_signed_in?
      if request.path == "/oauth/authorize/native"
        # the /oauth/authorize/native path is only used for mobile devices
        # and so it is better to deactivate it
        redirect_to root_path, alert: "You are not authorized to perform this action."
      else
        current_user
      end
    else
      warden.authenticate!(scope: :user)
    end
  end

  admin_authenticator do |_routes|
    if current_user
      unless current_user.can_super_admin?
        redirect_to root_path, alert: "You are not authorized to perform this action."
      end
    else
      warden.authenticate!(scope: :user)
    end
  end

  grant_flows %w[authorization_code client_credentials]
  default_scopes :read
  optional_scopes :write
  enforce_configured_scopes
  access_token_expires_in 30.days
  reuse_access_token
  use_refresh_token expiry: 90.days
  force_ssl_in_redirect_uri false
end
Ruby version: `3.0.5`
Gemfile.lock:
GEM
remote: https://rubygems.org/
specs:
actioncable (6.1.7.3)
actionpack (= 6.1.7.3)
activesupport (= 6.1.7.3)
nio4r (~> 2.0)
websocket-driver (>= 0.6.1)
actionmailbox (6.1.7.3)
actionpack (= 6.1.7.3)
activejob (= 6.1.7.3)
activerecord (= 6.1.7.3)
activestorage (= 6.1.7.3)
activesupport (= 6.1.7.3)
mail (>= 2.7.1)
actionmailer (6.1.7.3)
actionpack (= 6.1.7.3)
actionview (= 6.1.7.3)
activejob (= 6.1.7.3)
activesupport (= 6.1.7.3)
mail (~> 2.5, >= 2.5.4)
rails-dom-testing (~> 2.0)
actionpack (6.1.7.3)
actionview (= 6.1.7.3)
activesupport (= 6.1.7.3)
rack (~> 2.0, >= 2.0.9)
rack-test (>= 0.6.3)
rails-dom-testing (~> 2.0)
rails-html-sanitizer (~> 1.0, >= 1.2.0)
actiontext (6.1.7.3)
actionpack (= 6.1.7.3)
activerecord (= 6.1.7.3)
activestorage (= 6.1.7.3)
activesupport (= 6.1.7.3)
nokogiri (>= 1.8.5)
actionview (6.1.7.3)
activesupport (= 6.1.7.3)
builder (~> 3.1)
erubi (~> 1.4)
rails-dom-testing (~> 2.0)
rails-html-sanitizer (~> 1.1, >= 1.2.0)
activejob (6.1.7.3)
activesupport (= 6.1.7.3)
globalid (>= 0.3.6)
activemodel (6.1.7.3)
activesupport (= 6.1.7.3)
activerecord (6.1.7.3)
activemodel (= 6.1.7.3)
activesupport (= 6.1.7.3)
activerecord_json_validator (2.1.3)
activerecord (>= 4.2.0, < 8)
json_schemer (~> 0.2.18)
activestorage (6.1.7.3)
actionpack (= 6.1.7.3)
activejob (= 6.1.7.3)
activerecord (= 6.1.7.3)
activesupport (= 6.1.7.3)
marcel (~> 1.0)
mini_mime (>= 1.1.0)
activesupport (6.1.7.3)
concurrent-ruby (~> 1.0, >= 1.0.2)
i18n (>= 1.6, < 2)
minitest (>= 5.1)
tzinfo (~> 2.0)
zeitwerk (~> 2.3)
addressable (2.8.4)
public_suffix (>= 2.0.2, < 6.0)
annotate (3.2.0)
activerecord (>= 3.2, < 8.0)
rake (>= 10.4, < 14.0)
annotate_gem (0.0.14)
bundler (>= 1.1)
api-pagination (5.0.0)
ast (2.4.2)
autoprefixer-rails (10.4.13.0)
execjs (~> 2)
bcrypt (3.1.18)
better_errors (2.9.1)
coderay (>= 1.0.0)
erubi (>= 1.0.0)
rack (>= 0.9.0)
bindex (0.8.1)
binding_of_caller (1.0.0)
debug_inspector (>= 0.0.1)
bootsnap (1.16.0)
msgpack (~> 1.2)
brakeman (5.4.1)
builder (3.2.4)
bullet (7.0.7)
activesupport (>= 3.0.0)
uniform_notifier (~> 1.11)
bundle-audit (0.1.0)
bundler-audit
bundler-audit (0.9.1)
bundler (>= 1.2.0, < 3)
thor (~> 1.0)
byebug (11.1.3)
capybara (3.39.0)
addressable
matrix
mini_mime (>= 0.1.3)
nokogiri (~> 1.8)
rack (>= 1.6.0)
rack-test (>= 0.6.3)
regexp_parser (>= 1.5, < 3.0)
xpath (~> 3.2)
claide (1.1.0)
claide-plugins (0.9.2)
cork
nap
open4 (~> 1.3)
coderay (1.1.3)
colored2 (3.1.2)
concurrent-ruby (1.2.2)
contact_us (1.2.0)
rails (>= 4.2.0)
cork (0.3.0)
colored2 (~> 3.1)
crack (0.4.5)
rexml
crass (1.0.6)
cssbundling-rails (1.1.2)
railties (>= 6.0.0)
danger (9.2.0)
claide (~> 1.0)
claide-plugins (>= 0.9.2)
colored2 (~> 3.1)
cork (~> 0.1)
faraday (>= 0.9.0, < 3.0)
faraday-http-cache (~> 2.0)
git (~> 1.7)
kramdown (~> 2.3)
kramdown-parser-gfm (~> 1.0)
no_proxy_fix
octokit (~> 5.0)
terminal-table (>= 1, < 4)
database_cleaner (2.0.2)
database_cleaner-active_record (>= 2, < 3)
database_cleaner-active_record (2.1.0)
activerecord (>= 5.a)
database_cleaner-core (~> 2.0.0)
database_cleaner-core (2.0.1)
debug_inspector (1.1.0)
devise (4.9.2)
bcrypt (~> 3.0)
orm_adapter (~> 0.1)
railties (>= 4.1.0)
responders
warden (~> 1.2.3)
devise_invitable (2.0.7)
actionmailer (>= 5.0)
devise (>= 4.6)
diff-lcs (1.5.0)
doorkeeper (5.7.1)
railties (>= 5)
dotenv (2.8.1)
dotenv-rails (2.8.1)
dotenv (= 2.8.1)
railties (>= 3.2)
dragonfly (1.4.0)
addressable (~> 2.3)
multi_json (~> 1.0)
rack (>= 1.3)
dragonfly-s3_data_store (1.3.0)
dragonfly (~> 1.0)
fog-aws
ecma-re-validator (0.4.0)
regexp_parser (~> 2.2)
erubi (1.12.0)
excon (0.99.0)
execjs (2.8.1)
factory_bot (6.2.1)
activesupport (>= 5.0.0)
factory_bot_rails (6.2.0)
factory_bot (~> 6.2.0)
railties (>= 5.0.0)
faker (3.1.1)
i18n (>= 1.8.11, < 2)
faraday (2.7.4)
faraday-net_http (>= 2.0, < 3.1)
ruby2_keywords (>= 0.0.4)
faraday-http-cache (2.4.1)
faraday (>= 0.8)
faraday-net_http (3.0.2)
ffi (1.15.5)
flag_shih_tzu (0.3.23)
fog-aws (3.18.0)
fog-core (~> 2.1)
fog-json (~> 1.1)
fog-xml (~> 0.1)
fog-core (2.3.0)
builder
excon (~> 0.71)
formatador (>= 0.2, < 2.0)
mime-types
fog-json (1.2.0)
fog-core
multi_json (~> 1.10)
fog-xml (0.1.4)
fog-core
nokogiri (>= 1.5.11, < 2.0.0)
formatador (1.1.0)
forwardable (1.3.3)
fuubar (2.5.1)
rspec-core (~> 3.0)
ruby-progressbar (~> 1.4)
gettext (3.4.3)
erubi
locale (>= 2.0.5)
prime
text (>= 1.3.0)
git (1.18.0)
addressable (~> 2.8)
rchardet (~> 1.8)
globalid (1.1.0)
activesupport (>= 5.0)
guard (2.18.0)
formatador (>= 0.2.4)
listen (>= 2.7, < 4.0)
lumberjack (>= 1.0.12, < 2.0)
nenv (~> 0.1)
notiffany (~> 0.0)
pry (>= 0.13.0)
shellany (~> 0.0)
thor (>= 0.18.1)
hana (1.3.7)
hashdiff (1.0.1)
hashie (5.0.0)
highline (2.1.0)
htmltoword (1.1.1)
actionpack
nokogiri
rubyzip (>= 1.0)
httparty (0.21.0)
mini_mime (>= 1.0.0)
multi_xml (>= 0.5.2)
i18n (1.12.0)
concurrent-ruby (~> 1.0)
jbuilder (2.11.5)
actionview (>= 5.0.0)
activesupport (>= 5.0.0)
jsbundling-rails (1.1.1)
railties (>= 6.0.0)
json (2.6.3)
json_schemer (0.2.24)
ecma-re-validator (~> 0.3)
hana (~> 1.3)
regexp_parser (~> 2.0)
uri_template (~> 0.7)
jwt (2.7.0)
kaminari (1.2.2)
activesupport (>= 4.1.0)
kaminari-actionview (= 1.2.2)
kaminari-activerecord (= 1.2.2)
kaminari-core (= 1.2.2)
kaminari-actionview (1.2.2)
actionview
kaminari-core (= 1.2.2)
kaminari-activerecord (1.2.2)
activerecord
kaminari-core (= 1.2.2)
kaminari-core (1.2.2)
kramdown (2.4.0)
rexml
kramdown-parser-gfm (1.1.0)
kramdown (~> 2.0)
ledermann-rails-settings (2.5.0)
activerecord (>= 4.2)
listen (3.8.0)
rb-fsevent (~> 0.10, >= 0.10.3)
rb-inotify (~> 0.9, >= 0.9.10)
locale (2.1.3)
loofah (2.20.0)
crass (~> 1.0.2)
nokogiri (>= 1.5.9)
lumberjack (1.2.8)
mail (2.7.1)
mini_mime (>= 0.1.1)
marcel (1.0.2)
matrix (0.4.2)
meta_request (0.8.2)
rack-contrib (>= 1.1, < 3)
railties (>= 3.0.0, < 8)
method_source (1.0.0)
mime-types (3.4.1)
mime-types-data (~> 3.2015)
mime-types-data (3.2023.0218.1)
mimemagic (0.4.3)
nokogiri (~> 1)
rake
mini_mime (1.1.2)
minitest (5.18.0)
mocha (2.0.2)
ruby2_keywords (>= 0.0.5)
msgpack (1.7.0)
multi_json (1.15.0)
multi_xml (0.6.0)
mysql2 (0.5.5)
nap (1.1.0)
nenv (0.3.0)
nio4r (2.5.9)
no_proxy_fix (0.1.2)
nokogiri (1.14.3-aarch64-linux)
racc (~> 1.4)
nokogiri (1.14.3-arm64-darwin)
racc (~> 1.4)
nokogiri (1.14.3-x86_64-linux)
racc (~> 1.4)
notiffany (0.1.3)
nenv (~> 0.1)
shellany (~> 0.0)
oauth2 (2.0.9)
faraday (>= 0.17.3, < 3.0)
jwt (>= 1.0, < 3.0)
multi_xml (~> 0.5)
rack (>= 1.2, < 4)
snaky_hash (~> 2.0)
version_gem (~> 1.1)
octokit (5.6.1)
faraday (>= 1, < 3)
sawyer (~> 0.9)
omniauth (2.1.1)
hashie (>= 3.4.6)
rack (>= 2.2.3)
rack-protection
omniauth-oauth2 (1.8.0)
oauth2 (>= 1.4, < 3)
omniauth (~> 2.0)
omniauth-orcid (2.1.1)
omniauth-oauth2 (~> 1.3)
ruby_dig (~> 0.0.2)
omniauth-rails_csrf_protection (1.0.1)
actionpack (>= 4.2)
omniauth (~> 2.0)
omniauth-shibboleth (1.3.0)
omniauth (>= 1.0.0)
open4 (1.3.4)
options (2.3.2)
orm_adapter (0.5.0)
parallel (1.22.1)
parser (3.2.2.0)
ast (~> 2.4.1)
pg (1.4.6)
prime (0.1.2)
forwardable
singleton
progress_bar (1.3.3)
highline (>= 1.6, < 3)
options (~> 2.3.0)
pry (0.14.2)
coderay (~> 1.1)
method_source (~> 1.0)
public_suffix (5.0.1)
puma (6.2.1)
nio4r (~> 2.0)
pundit (2.3.0)
activesupport (>= 3.0.0)
pundit-matchers (1.8.4)
rspec-rails (>= 3.0.0)
racc (1.6.2)
rack (2.2.6.4)
rack-attack (6.6.1)
rack (>= 1.0, < 3)
rack-contrib (2.5.0)
rack (< 4)
rack-mini-profiler (3.1.0)
rack (>= 1.2.0)
rack-protection (3.0.6)
rack
rack-test (2.1.0)
rack (>= 1.3)
rails (6.1.7.3)
actioncable (= 6.1.7.3)
actionmailbox (= 6.1.7.3)
actionmailer (= 6.1.7.3)
actionpack (= 6.1.7.3)
actiontext (= 6.1.7.3)
actionview (= 6.1.7.3)
activejob (= 6.1.7.3)
activemodel (= 6.1.7.3)
activerecord (= 6.1.7.3)
activestorage (= 6.1.7.3)
activesupport (= 6.1.7.3)
bundler (>= 1.15.0)
railties (= 6.1.7.3)
sprockets-rails (>= 2.0.0)
rails-controller-testing (1.0.5)
actionpack (>= 5.0.1.rc1)
actionview (>= 5.0.1.rc1)
activesupport (>= 5.0.1.rc1)
rails-dom-testing (2.0.3)
activesupport (>= 4.2.0)
nokogiri (>= 1.6)
rails-html-sanitizer (1.5.0)
loofah (~> 2.19, >= 2.19.1)
railties (6.1.7.3)
actionpack (= 6.1.7.3)
activesupport (= 6.1.7.3)
method_source
rake (>= 12.2)
thor (~> 1.0)
rainbow (3.1.1)
rake (13.0.6)
rb-fsevent (0.11.2)
rb-inotify (0.10.1)
ffi (~> 1.0)
rchardet (1.8.0)
recaptcha (5.13.0)
json
regexp_parser (2.7.0)
responders (3.1.0)
actionpack (>= 5.2)
railties (>= 5.2)
rexml (3.2.5)
rspec-collection_matchers (1.2.0)
rspec-expectations (>= 2.99.0.beta1)
rspec-core (3.12.1)
rspec-support (~> 3.12.0)
rspec-expectations (3.12.2)
diff-lcs (>= 1.2.0, < 2.0)
rspec-support (~> 3.12.0)
rspec-mocks (3.12.5)
diff-lcs (>= 1.2.0, < 2.0)
rspec-support (~> 3.12.0)
rspec-rails (6.0.1)
actionpack (>= 6.1)
activesupport (>= 6.1)
railties (>= 6.1)
rspec-core (~> 3.11)
rspec-expectations (~> 3.11)
rspec-mocks (~> 3.11)
rspec-support (~> 3.11)
rspec-support (3.12.0)
rss (0.3.0)
rexml
rubocop (1.50.1)
json (~> 2.3)
parallel (~> 1.10)
parser (>= 3.2.0.0)
rainbow (>= 2.2.2, < 4.0)
regexp_parser (>= 1.8, < 3.0)
rexml (>= 3.2.5, < 4.0)
rubocop-ast (>= 1.28.0, < 2.0)
ruby-progressbar (~> 1.7)
unicode-display_width (>= 2.4.0, < 3.0)
rubocop-ast (1.28.0)
parser (>= 3.2.1.0)
rubocop-i18n (3.0.0)
rubocop (~> 1.0)
rubocop-performance (1.17.1)
rubocop (>= 1.7.0, < 2.0)
rubocop-ast (>= 0.4.0)
ruby-progressbar (1.13.0)
ruby2_keywords (0.0.5)
ruby_dig (0.0.2)
rubyzip (2.3.2)
sawyer (0.9.2)
addressable (>= 2.3.5)
faraday (>= 0.17.3, < 3)
selenium-webdriver (4.8.6)
rexml (~> 3.2, >= 3.2.5)
rubyzip (>= 1.2.2, < 3.0)
websocket (~> 1.0)
shellany (0.0.1)
shoulda (4.0.0)
shoulda-context (~> 2.0)
shoulda-matchers (~> 4.0)
shoulda-context (2.0.0)
shoulda-matchers (4.5.1)
activesupport (>= 4.2.0)
singleton (0.1.1)
snaky_hash (2.0.1)
hashie
version_gem (~> 1.1, >= 1.1.1)
spring (4.1.1)
spring-commands-rspec (1.0.4)
spring (>= 0.9.1)
spring-watcher-listen (2.1.0)
listen (>= 2.7, < 4.0)
spring (>= 4)
sprockets (4.2.0)
concurrent-ruby (~> 1.0)
rack (>= 2.2.4, < 4)
sprockets-rails (3.4.2)
actionpack (>= 5.2)
activesupport (>= 5.2)
sprockets (>= 3.0.0)
terminal-table (3.0.2)
unicode-display_width (>= 1.1.1, < 3)
text (1.3.1)
thor (1.2.1)
tomparse (0.4.2)
translation (1.35)
gettext (~> 3.2, >= 3.2.5, <= 3.4.3)
turbo-rails (1.4.0)
actionpack (>= 6.0.0)
activejob (>= 6.0.0)
railties (>= 6.0.0)
tzinfo (2.0.6)
concurrent-ruby (~> 1.0)
unicode-display_width (2.4.2)
uniform_notifier (1.16.0)
uri_template (0.7.0)
version_gem (1.1.2)
warden (1.2.9)
rack (>= 2.0.9)
web-console (4.2.0)
actionview (>= 6.0.0)
activemodel (>= 6.0.0)
bindex (>= 0.4.0)
railties (>= 6.0.0)
webdrivers (5.2.0)
nokogiri (~> 1.6)
rubyzip (>= 1.3.0)
selenium-webdriver (~> 4.0)
webmock (3.18.1)
addressable (>= 2.8.0)
crack (>= 0.3.2)
hashdiff (>= 0.4.0, < 2.0.0)
websocket (1.2.9)
websocket-driver (0.7.5)
websocket-extensions (>= 0.1.0)
websocket-extensions (0.1.5)
wicked_pdf (2.6.3)
activesupport
wkhtmltopdf-binary (0.12.6.6)
xpath (3.2.0)
nokogiri (~> 1.8)
yard (0.9.33)
yard-tomdoc (0.7.1)
tomparse (>= 0.4.0)
yard
zeitwerk (2.6.7)
PLATFORMS
aarch64-linux
arm64-darwin-21
x86_64-linux
DEPENDENCIES
activerecord_json_validator
annotate
annotate_gem
api-pagination
autoprefixer-rails
better_errors
binding_of_caller
bootsnap
brakeman
bullet
bundle-audit
byebug
capybara
contact_us
cssbundling-rails
danger
database_cleaner
devise
devise_invitable
doorkeeper
dotenv-rails
dragonfly
dragonfly-s3_data_store
factory_bot_rails
faker
flag_shih_tzu
fuubar
guard
htmltoword
httparty
jbuilder
jsbundling-rails
jwt
kaminari
ledermann-rails-settings
listen
mail (= 2.7.1)
meta_request
mimemagic
mocha
mysql2
omniauth
omniauth-orcid
omniauth-rails_csrf_protection
omniauth-shibboleth
parallel
pg
progress_bar
puma
pundit
pundit-matchers
rack-attack (~> 6.6, >= 6.6.1)
rack-mini-profiler
rails (~> 6.1)
rails-controller-testing
rake (~> 13.0.6)
recaptcha
rspec-collection_matchers
rspec-rails
rss
rubocop
rubocop-i18n
rubocop-performance
shoulda
spring
spring-commands-rspec
spring-watcher-listen
text
translation
turbo-rails
web-console
webdrivers
webmock
wicked_pdf
wkhtmltopdf-binary
yard
yard-tomdoc
RUBY VERSION
ruby 3.0.4p208
BUNDLED WITH
2.5.16
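A client-side check for the behavior reported above, as an added example that is not part of the original report and is not Doorkeeper or oauth2 gem code: it audits a token-endpoint JSON body against the requested scope and flags a missing refresh token or a changed scope. The helper names, token values, and the three sample responses are constructed for illustration.

```ruby
require "json"
require "set"

# Hypothetical helper: returns a list of findings for one token response.
def audit_token_response(requested_scope, body, expect_refresh: true)
  data = JSON.parse(body)
  findings = []
  findings << :missing_access_token if data["access_token"].to_s.empty?
  if expect_refresh && data["refresh_token"].to_s.empty?
    findings << :missing_refresh_token
  end
  # RFC 6749 section 5.1: "scope" may be omitted only when it is identical
  # to the requested scope, so an absent value means "granted as requested".
  # Comparison is order-insensitive because scope is a space-delimited set.
  requested = requested_scope.split.to_set
  granted = data.key?("scope") ? data["scope"].to_s.split.to_set : requested
  findings << :scope_narrowed unless requested.subset?(granted)
  findings << :scope_widened unless granted.subset?(requested)
  findings
rescue JSON::ParserError
  [:invalid_json]
end

# Constructed sample bodies mirroring the report: single-scope requests come
# back with a refresh token, the "read write" request comes back without one.
SAMPLE_RESPONSES = {
  "read" => '{"access_token":"AT-1","token_type":"Bearer",' \
            '"expires_in":2592000,"refresh_token":"RT-1","scope":"read"}',
  "write" => '{"access_token":"AT-2","token_type":"Bearer",' \
             '"expires_in":2592000,"refresh_token":"RT-2","scope":"write"}',
  "read write" => '{"access_token":"AT-3","token_type":"Bearer",' \
                  '"expires_in":2592000,"scope":"read write"}'
}.freeze

# Audits every sample, keyed by the scope string that was requested.
def audit_all(samples)
  samples.to_h { |scope, body| [scope, audit_token_response(scope, body)] }
end

audit_all(SAMPLE_RESPONSES).each do |scope, findings|
  puts format("%-12s %s", scope.inspect, findings.empty? ? "ok" : findings.join(", "))
end
```

Pass `expect_refresh: false` for grants that do not issue refresh tokens, such as `client_credentials`.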