[#1427] Bugfix for enforce_oauth_admin_scope_usage. Admin API documentation entry.

2019-12-06 16:56:23 +03:00 · 2019-12-06 16:56:23 +03:00 · 93a80ee915
commit 93a80ee915
parent 13926537b6
2 changed files with 15 additions and 9 deletions
--- a/docs/API/admin_api.md
+++ b/docs/API/admin_api.md
@ -2,6 +2,13 @@

 Authentication is required and the user must be an admin.

+Configuration options:
+ 
+* `[:auth, :enforce_oauth_admin_scope_usage]` — OAuth admin scope requirement toggle.
+    If `true`, admin actions explicitly demand admin OAuth scope(s) presence in OAuth token (client app must support admin scopes).
+    If `false` and token doesn't have admin scope(s), `is_admin` user flag grants access to admin-specific actions.
+    Note that client app needs to explicitly support admin scopes and request them when obtaining auth token.
+
 ## `GET /api/pleroma/admin/users`

 ### List users