- granted_scopes = token && OAuth.parse_scopes(token.scope)
-
- if is_nil(token) || required_scopes -- granted_scopes == [] do
- conn
- else
- missing_scopes = required_scopes -- granted_scopes
- error_message = "Insufficient permissions: #{Enum.join(missing_scopes, ", ")}."
-
- conn
- |> put_resp_content_type("application/json")
- |> send_resp(403, Jason.encode!(%{error: error_message}))
- |> halt()
+
+ cond do
+ is_nil(token) ->
+ conn
+
+ op == :| && scopes -- token.scopes != scopes ->
+ conn
+
+ op == :& && scopes -- token.scopes == [] ->
+ conn
+
+ options[:fallback] == :proceed_unauthenticated ->
+ conn
+ |> assign(:user, nil)
+ |> assign(:token, nil)
+
+ true ->
+ missing_scopes = scopes -- token.scopes
+ error_message = "Insufficient permissions: #{Enum.join(missing_scopes, " #{op} ")}."
+
+ conn
+ |> put_resp_content_type("application/json")
+ |> send_resp(403, Jason.encode!(%{error: error_message}))
+ |> halt()