POST /api/v1/apps
accepts a scopes array but sets scopes to default scopes
#30152
Labels
POST /api/v1/apps
accepts a scopes array but sets scopes to default scopes
#30152
Steps to reproduce the problem
I was working on additional test cases for
spec/requests/api/v1/apps_spec.rb
, and added the following:This test case currently fails, as
scopes
gets set toread
which is the default scopes.Expected behaviour
Either an array should work, or it should throw a 422 unprocessible entity error
Actual behaviour
falls back to the default scopes configured for doorkeeper
Detailed description
It's arguable which way this should go:
scopes
is already "non-standard" if compared to the OAuth 2.0 Dynamic Client Registration spec (https://www.rfc-editor.org/rfc/rfc7591.html#section-2), which expects ascope
property with the scopes being space separated.Currently
scopes
of"read write follow"
works as expected, however ifscopes
is an array, then the default scopes configured on doorkeeper are returned as the application's scopes.I think it should probably error, and we should also move towards using
scope
instead ofscopes
.Mastodon instance
No response
Mastodon version
v4.3 / main — 9e26001
Technical details
If this is happening on your own Mastodon server, please fill out those:
The text was updated successfully, but these errors were encountered: