Merge pull request #81 from jarosan/master

Allow silent authentication without user consent

lib/doorkeeper/openid_connect/helpers/controller.rb

@@ -56,7 +56,7 @@ def handle_oidc_prompt_param!(owner)
             when 'none' then
               raise Errors::InvalidRequest if (prompt_values - [ 'none' ]).any?
               raise Errors::LoginRequired unless owner
-              raise Errors::ConsentRequired unless matching_tokens_for_oidc_resource_owner(owner).present?
+              raise Errors::ConsentRequired if oidc_consent_required?(owner)
             when 'login' then
               reauthenticate_oidc_resource_owner(owner) if owner
             when 'consent' then
@@ -100,6 +100,11 @@ def matching_tokens_for_oidc_resource_owner(owner)
             Doorkeeper::AccessToken.scopes_match?(token.scopes, pre_auth.scopes, pre_auth.client.scopes)
           end
         end
+
+        def oidc_consent_required?(owner)
+          return false if skip_authorization?
+          matching_tokens_for_oidc_resource_owner(owner).blank?
+        end
       end
     end
   end

spec/controllers/doorkeeper/authorizations_controller_spec.rb

@@ -138,6 +138,13 @@ def expect_successful_callback!
       end
 
       context 'and no matching token' do
+        it 'redirects to the callback if skip_authorization is set to true' do
+          allow(controller).to receive(:skip_authorization?) { true }
+
+          authorize! prompt: 'none'
+          expect_successful_callback!
+        end
+
         it 'returns a consent_required error when logged in' do
           authorize! prompt: 'none'