ActionController::Metal with doorkeeper

Brian Smith edited this page Jun 9, 2015 · 5 revisions

If you're using ActionController::Metal for your API and you want to protect it with doorkeeper OAuth, you just need to include a few modules:

version 2.0.0+

class MetalController < ActionController::Metal
  include AbstractController::Callbacks
  include ActionController::Head
  include Doorkeeper::Rails::Helpers

  before_action :doorkeeper_authorize!

  def index
    self.response_body = { ok: true }.to_json
  end
end

version <2.0.0

class MetalController < ActionController::Metal
  include AbstractController::Callbacks
  include ActionController::Head
  include Doorkeeper::Helpers::Filter

  doorkeeper_for :all

  def index
    self.response_body = { ok: true }.to_json
  end
end

This is the bare minimum to get either an :unauthorized response (that's why the Head module was included) or a authorized response with the response body.

Since doorkeeper uses a before filter, you need to include the AbstractController::Callbacks module.

Rocket Pants integration

If you use rocket pants gem, you need to include these modules:

version 2.0.0+

class MetalController < RocketPants::Base
  include ActionController::Head
  include Doorkeeper::Rails::Helpers

  version 1

  before_action :doorkeeper_authorize!
end

version <2.0.0

class MetalController < RocketPants::Base
  include ActionController::Head
  include Doorkeeper::Helpers::Filter

  version 1

  doorkeeper_for :all
end

Check out the related question in stack overflow