Add a privileged scope that allows authorization to be skipped

config/initializers/doorkeeper.rb

@@ -419,10 +419,10 @@ Doorkeeper.configure do
   # Under some circumstances you might want to have applications auto-approved,
   # so that the user skips the authorization step.
   # For example if dealing with a trusted application.
-  #
-  # skip_authorization do |resource_owner, client|
-  #   client.superapp? or resource_owner.admin?
-  # end
+
+  skip_authorization do |_, client|
+    client.scopes.include?("skip_authorization")
+  end
 
   # Configure custom constraints for the Token Introspection request.
   # By default this configuration option allows to introspect a token by another

config/locales/en.yml

@@ -2343,6 +2343,7 @@ en:
       write_gpx: Upload GPS traces
       write_notes: Modify notes
       read_email: Read user email address
+      skip_authorization: Auto approve application
   oauth_clients:
     new:
       title: "Register a new application"

lib/oauth.rb

@@ -1,6 +1,6 @@
 module Oauth
   SCOPES = %w[read_prefs write_prefs write_diary write_api read_gpx write_gpx write_notes].freeze
-  PRIVILEGED_SCOPES = %w[read_email].freeze
+  PRIVILEGED_SCOPES = %w[read_email skip_authorization].freeze
 
   class Scope
     attr_reader :name