apiary | |
Post | /oauth/apps/authorize |
Purpose
This WS is designed to authorize user's scopes. Requested scopes should be allowed for user role, client type and client's broker scopes
Request parameters
- access_token with scope "app:authorize" created for the user
- client_id
- redirect_uri
- scope
Validation
Validate token
extract user_id from token
- check user_id flag is blocked = false
- in case error return 401
Validate client_id
- validate client flag is_blocked = false
- in case error return 401, "Client is blocked."
Validate redirect uri
- check $.redirect_uri in (SELECT connections.redirect_uri from clients join connections on clients.id = connections.client_id where clients.id=$.client_id)
- in case error return 401, "The redirection URI provided does not match a pre-registered value."
Validate scopes
- check if $.scope is not null
- in case error return 422, "Requested scope is empty. Scope not passed or user has no roles or global roles."