Authorization Scopes
Important: These docs are for the outdated Jets 5 versions and below. For the latest Jets docs: docs.rubyonjets.com
Authorization Scopes are support by Cognito authorizers. You can configure the OAuth2 scope in the Gateway API Method Request in two ways.
Note: This interface may be adjusted.
Controller Wide
You can configure controller-wide the OAuth2 Scope. Example:
class PostsController < ApplicationController
authorizer "main#my_cognito" # protects all actions in the controller
authorization_scopes %w[create delete]
end
All PostsController actions will be using create and delete authorization scopes.
Route Specific
You can also configure the OAuth2 Scope on a per-route basis with the authorization_scopes option:
Jets.application.routes.draw do
get "posts", to: "posts#index", authorizer: "main#my_cognito", authorization_scopes: %w[create delete]
end