Doorkeeper Provider App
About Doorkeeper Gem
First clone the repository from GitHub:
git clone git://github.com/doorkeeper-gem/doorkeeper-provider-app.git
Install all dependencies with:
After that you're almost ready to go.
The configuration is quite simple, all you need to do is run:
bundle exec rake db:setup
This will generate all necessary tables, create fake data, create an user and a client application.
The generated user email is
email@example.com and password is
secret will show up on terminal when the script ends.
After that, you can just fire up the
rails server and you're ready to go.
The endpoints is mounted under
/oauth so our routes look like this:
GET /oauth/authorize POST /oauth/authorize DELETE /oauth/authorize POST /oauth/token resources /oauth/applications
This app provides a sample JSON API under
/api/v1. The current API endpoints are:
routes.rb you can check out how they're made:
namespace :api do namespace :v1 do resources :profiles get '/me' => "credentials#me" end end
We namespace the API controllers to avoid name clashing and collisions between your existing application and the API. This way, you can make changes to your application without messing up with the API's behavior.
You can find all controllers under
api_controller.rb works as a parent class to the other controllers. It only defines a method that returns the current resource owner, based on the access token:
def current_resource_owner User.find(doorkeeper_token.resource_owner_id) if doorkeeper_token end
This is required if you want to return data based on the current user, like in
Make Access Token Required
To make your API only available for OAuth users, you need to tell doorkeeper to require an access token in your api controller, like this:
module Api::V1 class ProfilesController < ApiController before_action :doorkeeper_authorize! def index render json: Profile.recent end end end
However, see also the Doorkeeper wiki article about using scopes.
If you attempt to access any of the protected resources without an proper access token, you'll get an
401 Unauthorized response.
You can manage all client applications in