doorkeeper
  • Doorkeeper Guides
  • Ruby on Rails
    • Getting Started
    • Routes
    • Configuration
    • Scopes
    • Securing the API
    • API Mode
    • PKCE Flow
    • Polymorphic Resource Owner
  • Grape
    • Grape
  • ORMs
    • Active Record
    • MongoDB
    • Sequel
    • Couchbase
  • Internals
    • Database Design
    • Internationalization (i18n)
    • Rake
    • Testing
    • Upgrading
    • Creating extensions
  • Security
    • Token and Application Secrets
  • Configuration
    • Models
    • Scopes
    • Skip Authorization
    • Other Configurations
    • Route Constraints and other integrations
Powered by GitBook
On this page
  • Resource Owner Authentication
  • Application Management Authentication

Was this helpful?

  1. Ruby on Rails

Configuration

PreviousRoutesNextScopes

Last updated 5 years ago

Was this helpful?

Before you're able to use Doorkeeper, you need to configure how resource owners (users) can be authenticated and who can manage such applications.

Resource Owner Authentication

This configuration should do two things:

  1. Return the user is currently authenticated

  2. Redirect the user to the authentication page

If you're using , one option is to write the following:

Doorkeeper.configure do
  resource_owner_authenticator do
    current_user || warden.authenticate!(scope: :user)
  end
end

The block above runs in the context of your application so you have access to your models, session and routes helpers. However, it is not run in the context of the ApplicationController which means that it doesn't have access to the methods defined over there.

You may want to check other ways of authentication .

Application Management Authentication

By default, the applications list in /oauth/applications is unavailable. To let users see and manage all applications, you should configure admin_authenticator block:

Doorkeeper.configure do
  admin_authenticator do |_routes|
    current_user || warden.authenticate!(scope: :user)
  end
end

The block follows the same rules as resource_owner_authenticator block.

Note: the application list is just a scaffold. It's highly recommended to either customize the controller used by the list or skip the controller all together. For more information see the page .

devise
here
in the wiki