doorkeeper
  • Doorkeeper Guides
  • Ruby on Rails
    • Getting Started
    • Routes
    • Configuration
    • Scopes
    • Securing the API
    • API Mode
    • PKCE Flow
    • Polymorphic Resource Owner
  • Grape
    • Grape
  • ORMs
    • Active Record
    • MongoDB
    • Sequel
    • Couchbase
  • Internals
    • Database Design
    • Internationalization (i18n)
    • Rake
    • Testing
    • Upgrading
    • Creating extensions
  • Security
    • Token and Application Secrets
  • Configuration
    • Models
    • Scopes
    • Skip Authorization
    • Other Configurations
    • Route Constraints and other integrations
Powered by GitBook
On this page

Was this helpful?

  1. Ruby on Rails

API Mode

PreviousSecuring the APINextPKCE Flow

Last updated 5 years ago

Was this helpful?

By default Doorkeeper uses full Rails stack to provide all the OAuth 2 functionality with additional features like administration area for managing applications. By the way, starting from Doorkeeper 5 you can use API mode for your . All you need is just to configure the gem to work in desired mode:

config/initializers/doorkeeper.rb
Doorkeeper.configure do
  api_only
  base_controller 'ActionController::API'
end

Keep in mind, that in this mode you will not be able to access Applications or Authorized Applications controllers because they will be skipped. CSRF protections (which are otherwise enabled) will be skipped, and all the redirects will be returned as JSON response with corresponding locations.

In order to add Applications for authorizing, you will need to create them via console:

Doorkeeper::Application.create(name: "MyApp", redirect_uri: "urn:ietf:wg:oauth:2.0:oob", scopes: ["read", "write"])
API only Rails 5 applications