How to log attributes of access_token? #863

prabhatjha opened this issue Jul 8, 2016 · 4 comments
@prabhatjha

We are using Grape and Doorkeeper for our API. We have both password and client_credentials OAuth flows supported. I would like to log details of the access_token for each API call for an audit log. Since Doorkeeper already hits the database to get token details, I thought it would be a good place to log it, but I have not found any documentation/wiki/SO post talking about this. Please point me in the right direction.

If this is not the right place for this kind of question, then please suggest a place. Thanks.

@tute
Contributor

tute commented Jul 9, 2016

We avoid logging sensitive parameters with the following lines of code: https://github.com/doorkeeper-gem/doorkeeper/blob/master/lib/doorkeeper/engine.rb#L4-L5

You can tweak that configuration to enable logging of those. Does this answer your question?

@prabhatjha
Author

prabhatjha commented Jul 9, 2016

It totally makes sense to avoid logging those. My question is about logging attributes of the access_token, usually the ones you would get from the oauth_access_tokens and oauth_applications tables, so that I can go through the logs and see who is using/abusing those API calls.

Hope it makes sense and thank you for your response.

@prabhatjha
Author

I did find a way to get it done, but it's not optimal since I have to put it in the API for every resource. Here is a code snippet just in case it helps others.

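resource :responses do
  before do
    # Authorize first: GET requests need the :read scope, all others :respond.
    doorkeeper_authorize! request.get? ? :read : :respond
    # doorkeeper_token is the access token record loaded during authorization.
    t = doorkeeper_token
    p t # or just specific attributes such as resource_owner
  end
end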

@tute
Contributor

tute commented Aug 31, 2016

That looks good. doorkeeper_token is available and you can do whatever you need. Thanks!

@tute tute closed this as completed Aug 31, 2016
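
An added example (not from this thread or from Doorkeeper's code base) of an allow-listed audit record built from the token object, so the attributes asked about above are logged while the bearer token, refresh token and client secret stay out of the log. `FakeToken`, `FakeApp`, `audit_fields` and `audit_line` are hypothetical names; the structs are constructed stand-ins for `doorkeeper_token` and its application, and `grant_hint` assumes only the two flows named in the question are enabled.

```ruby
require 'json'
require 'digest'
require 'time'

# Constructed stand-ins for the records behind doorkeeper_token; field names
# mirror columns of oauth_access_tokens and oauth_applications.
FakeApp   = Struct.new(:id, :uid, :name, :secret, keyword_init: true)
FakeToken = Struct.new(:id, :token, :refresh_token, :resource_owner_id,
                       :scopes, :created_at, :expires_in, :application, keyword_init: true)

# Allow-list of what goes into the audit line. The bearer token, refresh token
# and client secret are never copied, because log readers could replay them.
# Only a short one-way fingerprint of the token is kept for correlation.
def audit_fields(token, http_method, path)
  app = token.application
  {
    event:             'api_call',
    method:            http_method,
    path:              path,
    token_id:          token.id,
    token_fingerprint: Digest::SHA256.hexdigest(token.token)[0, 16],
    resource_owner_id: token.resource_owner_id, # nil for client_credentials
    # Assumption: only the password and client_credentials flows are enabled.
    grant_hint:        token.resource_owner_id ? 'password' : 'client_credentials',
    application_id:    app&.id,
    application_uid:   app&.uid,
    application_name:  app&.name,
    scopes:            token.scopes.to_s.split,
    token_created_at:  token.created_at&.utc&.iso8601,
    expires_in:        token.expires_in
  }
end

def audit_line(token, http_method, path)
  JSON.generate(audit_fields(token, http_method, path))
end

# Constructed sample data, not real credentials.
SAMPLE_APP = FakeApp.new(id: 7, uid: 'constructed-client-uid', name: 'Survey app',
                         secret: 'constructed-client-secret')
USER_TOKEN = FakeToken.new(id: 101, token: 'constructed-bearer-aaaa',
                           refresh_token: 'constructed-refresh-bbbb', resource_owner_id: 42,
                           scopes: 'read respond', created_at: Time.utc(2016, 7, 9, 12, 0, 0),
                           expires_in: 7200, application: SAMPLE_APP)
CLIENT_TOKEN = FakeToken.new(id: 102, token: 'constructed-bearer-cccc', scopes: 'read',
                             created_at: Time.utc(2016, 7, 9, 12, 5, 0), expires_in: 7200,
                             application: SAMPLE_APP)

puts audit_line(USER_TOKEN, 'GET', '/responses') if __FILE__ == $PROGRAM_NAME
```

In a Grape API the same helper could be called from the `before` block shown above, after `doorkeeper_authorize!`, passing `doorkeeper_token` in place of the stand-in.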