Checkbox scopes in doorkeeper
I want to allow users to select scopes from a checkbox list. I've setup the form like so:
<%= f.label :scopes, class: 'col-sm-2 control-label' %>
<% Doorkeeper.configuration.scopes.each do |scope| %>
<%= check_box_tag("doorkeeper_application[scopes][#{scope}]", scope, @application.scopes.include?(scope)) %>
<%= scope %><br>
<% end %>
<% end %>
which produces
doorkeeper_application[scopes] is accepted by Oauth::ApplicationsController. While users should be able to select multiple scopes, parameters like doorkeeper_application[scopes][foo] are not accepted.
What's the best practice for passing these params to the controller? Or is there a better practice to achieve checkboxed scopes in Doorkeeper?
Solution
According to the OAuth2 specification, multiple scopes should be joined by space characters. So you should get the names of the checked scopes from params, join them with a space " ", and assign that single value as the doorkeeper_application[scopes] value.
- Rails Devise Strong Parameters not building Nested Association
- Ruby on rails save a specific field in database
- Benefits of having a discrete new-action?
- Query on JSON object keys in ActiveRecord/Postgresql
- Ruby on Rails Active Record return value when create fails?
- How to classify ActionController::RoutingError as an error in Sentry
- ActiveRecord not getting id after save
- How to unscope an associated record in Rails 3
- Rails 6 - on a POST is it safe to rely on 204 (No Content) to let Jquery update the same page while a record is created in background?
- How do I use the "turbo:frame-load" event with Hotwire and Stimulus in Rails?
- Rails render return does not stop execution
- Rails not compiling new TailwindCSS classes in development
- collection_check_boxes messes with update values
- Prevent jobs on the cluster from running on production code during deployment
- How do I know that a gem is compatible with a version of rails?
- Swift iOS NSJsonSerialization fails silently
- How to allow iOS app to search Rails JSON API?
- Grover.to_pdf: ReadableStream is not defined
- How to parse a dynamic image path in Rails 8 inside Stimulus controller (Popshaft Asset Pipeline)?
- Regex help, works on rubular not on production? Possible \n issue?
- How do I setup the ruby SDK in IntelliJ IDEA?
- Using Tokens with Username/Password Combo
- How to protect JSON API from being accessed by anyone but my iOS client?
- What is the best approach to build a real-time, turn-based iPhone game with Rails as backend?
- Secure API for iOS without user account
- What is the Rails way to handle different controller clients (Web, iOS API)?
- How to extend my rails app to a native mobile app? API vs normal controller JSON
- JSON or HTML: Designing my server side to reduce latency and support multiple clients
- Rails (rake) Data Import Concurrently
- How can I test ActionCable channels using RSpec?