• Timothy Andrew's avatar
    Calls to the API are checked for scope. · 7fa06ed5
    Timothy Andrew authored
    - Move the `Oauth2::AccessTokenValidationService` class to
      `AccessTokenValidationService`, since it is now being used for
      personal access token validation as well.
    
    - Each API endpoint declares the scopes it accepts (if any). Currently,
      the top level API module declares the `api` scope, and the `Users` API
      module declares the `read_user` scope (for GET requests).
    
    - Move the `find_user_by_private_token` from the API `Helpers` module to
      the `APIGuard` module, to avoid littering `Helpers` with more
      auth-related methods to support `find_user_by_private_token`
    7fa06ed5
doorkeeper_access_spec.rb 916 Bytes