注册应用,以client credential方式调用api发布文章,发现没有权限
jinhuisheng opened this issue · 0 comments
jinhuisheng commented
查看代码发现oauth_access_token表,创建access_token时resource_owner_id没有赋值用户id:
Doorkeeper::AccessToken Create (8.3ms) INSERT INTO "oauth_access_tokens" ("application_id", "token", "expires_in", "created_at", "scopes") VALUES ($1, $2, $3, $4, $5) RETURNING "id" [["application_id", 1], ["token", "FBfKGYGbHA8qwLvQq-TP8JvCASTwcoQs3HuO3wlKiKQ"], ["expires_in", 86400], ["created_at", "2021-01-20 07:43:05.552173"], ["scopes", "all"]] TRANSACTION (18.8ms) COMMIT
这个时候调用发布文章api时,就不能根据access_token信息中找到userId,造成没有权限
创建access_token是通过Doorkeeper oauth组件直接创建的,不知道这是不是个bug?
如果不是,是不是有更新access_token中resource_owner_id的逻辑呢,目前代码中没有找到更新oauth_access_token中resource_owner_id逻辑