fix(oauth): gate scope selection UI to DCR clients only

Settings-created clients have fixed scopes chosen at creation time and
should show a read-only scope list on the consent screen. Only DCR-registered
clients expose the interactive checkbox UI for user-controlled scope selection.
jubnl
2026-04-10 06:03:29 +02:00
parent ac9c5784ee
commit 4ad1ccf5dd
2 changed files with 72 additions and 40 deletions
+3
@@ -532,6 +532,8 @@ export interface ValidateAuthorizeResult {
consentRequired?: boolean;
/** true when the request is valid but user is not authenticated */
loginRequired?: boolean;
/** true when the client was registered via machine DCR — user may adjust scopes on the consent screen */
scopeSelectable?: boolean;
}
export function validateAuthorizeRequest(
@@ -596,6 +598,7 @@ export function validateAuthorizeRequest(
client: { name: client.name, allowed_scopes: allowedScopes },
scopes: grantedScopes,
consentRequired,
scopeSelectable: client.created_via === 'dcr',
};
}
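Review bot: `scopeSelectable` in the object returned by validateAuthorizeRequest is only a rendering hint, and nothing in this section shows the consent-submission path enforcing it, so if that handler accepts a submitted scope list, a settings-created client's fixed scopes would rest on the UI alone. The handler that processes the consent form (not visible here) should re-read `client.created_via` itself, ignore any submitted scope list unless the value is `'dcr'`, and for DCR clients keep only scopes that are in the granted set. I would also state that on the interface field, e.g. `/** UI hint only: the consent handler must re-check created_via and accept only a subset of the granted scopes */`. The body of validateAuthorizeRequest starts outside the hunk, so how `created_via` is populated for older client rows cannot be checked from here; with the strict `===` comparison, a missing value falls back to the read-only list.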