The client credentials flow only authenticates the client application without a user role. So basically there is a valid doorkeeper_access_token but no resource_owner.
The configuration looks like this:
```ruby
config.define_resource_owner do
  # Only resolve a Customer when the token is bound to a resource owner;
  # a client-credentials token has no resource_owner_id, so this yields nil.
  Customer.find(doorkeeper_access_token.resource_owner_id) if doorkeeper_access_token&.resource_owner_id
end
```
So you need to check if a resource_owner_id is set.
It works this way, but I think there should be a way to declare this on each endpoint so wine_bouncer can validate it before the endpoint is called.
I think a scope is not the right way to solve this because scopes are something user role related.
Another thing to be aware of is an authenticated user has already implicitly authenticated the application too. So it feels like it's some kind of a security leveling.
Maybe a second method like oauth2_client?
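Added example of the two token kinds and the per-endpoint "levels" described above; this is not wine_bouncer's or Doorkeeper's own code, and `Token`, `Customer`, `resource_owner_for`, `authorize!` and the sample token store are constructed names standing in for Doorkeeper's models.

```ruby
# Minimal model of a Doorkeeper access token (constructed, not the real class).
Token = Struct.new(:token, :resource_owner_id, :application_id, :scopes, :expires_at) do
  def expired?
    Time.now >= expires_at
  end
end

Customer = Struct.new(:id, :name)

# Constructed sample data standing in for Customer.find and the token store.
CUSTOMERS = { 42 => Customer.new(42, "alice") }
TOKENS = {
  # Authorization-code / password grant: bound to a customer (resource owner).
  "user-token"   => Token.new("user-token", 42, 7, %w[read write], Time.now + 3600),
  # Client-credentials grant: application only, no resource owner.
  "client-token" => Token.new("client-token", nil, 7, %w[read], Time.now + 3600),
  # Expired user token: must be rejected at every level.
  "stale-token"  => Token.new("stale-token", 42, 7, %w[read], Time.now - 1),
}

class Unauthorized < StandardError; end

# Mirrors the define_resource_owner block: a Customer only when the token
# carries a resource_owner_id, nil for a client-credentials token.
def resource_owner_for(token)
  CUSTOMERS[token.resource_owner_id] if token&.resource_owner_id
end

# Per-endpoint guard. level :client accepts any valid token (an application-only
# token is enough); level :user additionally requires a resource owner. A user
# token always satisfies :client, because the user authenticated through that
# application, which is the "security leveling" the post describes.
def authorize!(raw_token, level:, scope: nil)
  token = TOKENS[raw_token]
  raise Unauthorized, "invalid or expired token" if token.nil? || token.expired?
  raise Unauthorized, "missing scope #{scope}" if scope && !token.scopes.include?(scope)
  owner = resource_owner_for(token)
  raise Unauthorized, "endpoint requires a resource owner" if level == :user && owner.nil?
  { application_id: token.application_id, resource_owner: owner }
end
```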