chore: Don't automatically add openid scope to Doorkeeper configuration

Leave it up to the user where they want to enable authentication.

README.md

@@ -12,7 +12,7 @@ This library implements [OpenID Connect](http://openid.net/connect/) for Rails a
 - [Status](#status)
 - [Installation](#installation)
 - [Configuration](#configuration)
-  - [Scopes](#scopes)
+  - [OAuth Scopes](#oauth-scopes)
   - [Routes](#routes)
 - [Development](#development)
 - [License](#license)
@@ -106,11 +106,11 @@ Custom claims can optionally be specified in a `claims` block. The following cla
 
 You can pass a `scope:` keyword argument on each claim to specify which OAuth scope should be required to access the claim. [Standard Claims](http://openid.net/specs/openid-connect-core-1_0.html#StandardClaims) as defined by OpenID Connect will by default use their [corresponding scopes](http://openid.net/specs/openid-connect-core-1_0.html#ScopeClaims), and any other claims will by default use the `profile` scope.
 
-### Scopes
+### OAuth Scopes
 
-The `openid` scope is automatically added to Doorkeeper's `optional_scopes`. If you want to use any of the other default scopes defined by OpenID Connect (`profile`, `email`, `address` and `phone`) you need to enable them manually with `default_scopes` / `optional_scopes` in `config/initializers/doorkeeper.rb`.
+To authenticate using OpenID Connect, clients need to request the `openid` scope. You can either enable this for all applications using `optional_scopes` in `config/initializers/doorkeeper.rb`, or add them to any Doorkeeper application's `scope` attribute. Note that any application defining its own scopes won't inherit the scopes defined in the initializer.
 
-Note that any Doorkeeper OAuth applications which define their own scopes also need to be updated to include `openid` and other desired scopes.
+The specification also defines the optional scopes `profile`, `email`, `address` and `phone` to grant access to groups of Standard Claims, as mentioned above.
 
 See [Using Scopes](https://github.com/doorkeeper-gem/doorkeeper/wiki/Using-Scopes) in the Doorkeeper wiki for more information.
 

doorkeeper-openid_connect.gemspec

@@ -21,7 +21,6 @@ Gem::Specification.new do |spec|
   spec.required_ruby_version = ">= 2.1"
 
   spec.add_runtime_dependency 'doorkeeper', '~> 4.0'
-  #spec.add_runtime_dependency 'activemodel', '~> 4.0'
   spec.add_runtime_dependency 'json-jwt', '~> 1.6.5'
 
   spec.add_development_dependency 'rspec-rails'

lib/doorkeeper/openid_connect.rb

@@ -24,8 +24,6 @@
 require 'doorkeeper/openid_connect/rails/routes'
 
 module Doorkeeper
-  singleton_class.send :prepend, OpenidConnect::DoorkeeperConfiguration
-
   module OpenidConnect
     # TODO: make this configurable
     SIGNING_ALGORITHM = 'RS256'.freeze

lib/doorkeeper/openid_connect/config.rb

@@ -1,17 +1,5 @@
 module Doorkeeper
   module OpenidConnect
-    module DoorkeeperConfiguration
-      def configure(&block)
-        super(&block)
-
-        if configuration.orm != :active_record
-          fail ConfigurationError, 'Doorkeeper OpenID Connect currently only supports the ActiveRecord ORM adapter'
-        end
-
-        configuration.optional_scopes.add :openid
-      end
-    end
-
     class ConfigurationError < StandardError; end
     class MissingConfiguration < StandardError
       def initialize
@@ -20,6 +8,10 @@ def initialize
     end
 
     def self.configure(&block)
+      if Doorkeeper.configuration.orm != :active_record
+        fail ConfigurationError, 'Doorkeeper OpenID Connect currently only supports the ActiveRecord ORM adapter'
+      end
+
       @config = Config::Builder.new(&block).build
     end
 

spec/dummy/config/initializers/doorkeeper.rb

@@ -1,4 +1,6 @@
 Doorkeeper.configure do
+  optional_scopes :openid
+
   resource_owner_authenticator do
     if params[:current_user]
       User.find(params[:current_user])

spec/lib/config_spec.rb

@@ -8,22 +8,18 @@
     load "#{Rails.root}/config/initializers/doorkeeper_openid_connect.rb"
   end
 
-  describe 'scopes' do
-    it 'adds the openid scope to the Doorkeeper configuration' do
-      expect(Doorkeeper.configuration.scopes).to include 'openid'
-    end
-  end
-
-  describe 'orm' do
+  describe '#configure' do
     it 'fails if not set to :active_record' do
       # stub ORM setup to avoid Doorkeeper exceptions
       allow(Doorkeeper).to receive(:setup_orm_adapter)
       allow(Doorkeeper).to receive(:setup_orm_models)
 
+      Doorkeeper.configure do
+        orm :mongoid
+      end
+
       expect do
-        Doorkeeper.configure do
-          orm :mongoid
-        end
+        Doorkeeper::OpenidConnect.configure {}
       end.to raise_error Doorkeeper::OpenidConnect::ConfigurationError
     end
   end