doorkeeper
Search…
Securing the API
To protect your controllers (usual one or ActionController::API) with OAuth, you just need to setup before_actions specifying the actions you want to protect. For example:
1
class Api::V1::ProductsController < Api::V1::ApiController
2
before_action :doorkeeper_authorize! # Requires access token for all actions
3
4
# before_action -> { doorkeeper_authorize! :read, :write }
5
6
# your actions
7
end
Copied!
You can pass any option before_action accepts, such as if, only, except, and others.

Authenticated resource owner

If you want to return data based on the current resource owner, in other words, the access token owner, you may want to define a method in your controller that returns the resource owner instance:
1
class Api::V1::CredentialsController < Api::V1::ApiController
2
before_action :doorkeeper_authorize!
3
respond_to :json
4
5
# GET /me.json
6
def me
7
respond_with current_resource_owner
8
end
9
10
private
11
12
# Find the user that owns the access token
13
def current_resource_owner
14
User.find(doorkeeper_token.resource_owner_id) if doorkeeper_token
15
end
16
end
Copied!
In this example, we're returning the credentials (me.json) of the access token owner.
Last modified 2yr ago
Copy link