doorkeeper

问题 I have a Grape API protected by Doorkeeper and I have a bunch of methods which work perfectly. However, there's one method that behaves weirdly. It is a GET request that requires no parameters and running it throws the following error: Grape::Exceptions::ValidationErrors at /v1/discount_cards/all.json id is invalid My method looks like this: desc 'Get all the cards of current customer' params {} get 'all' do current_customer.discount_cards.to_json(include: { barcode: { include: :barcode_type

问题 I've built multiple Rails/React applications for my company (all in one using Rails 6. Rails renders json to React). All applications will be on the same domain and eventually, access rights will be done via VPN. For now, I would like to build a Single Sign On app that would give a list of apps to choose from (Accounts, Dashboard, Audits, etc). Based on the users credentials, they may or may not have certain privileges on these applications. I appears that the Doorkeeper Gem is the way to go

问题 I'm trying to test CredentialsController , which works fine in production, using RSpec request specs. Code Controller class CredentialsController < ApplicationController before_action :doorkeeper_authorize! def me render json: current_user end end ( GET /me routes to CredentialsController#me .) Request Specs describe 'Credentials', type: :request do context 'unauthorized' do it "should 401" do get '/me' expect(response).to have_http_status(:unauthorized) end end context 'authorized' do let!(

问题 I'm trying to test CredentialsController , which works fine in production, using RSpec request specs. Code Controller class CredentialsController < ApplicationController before_action :doorkeeper_authorize! def me render json: current_user end end ( GET /me routes to CredentialsController#me .) Request Specs describe 'Credentials', type: :request do context 'unauthorized' do it "should 401" do get '/me' expect(response).to have_http_status(:unauthorized) end end context 'authorized' do let!(

问题 Do you have any idea how to override Doorkeeper::Application provided by the Doorkeeper gem.Let's say I want to add validation, callbacks and so on. Db table is named auth_applications . I created a model named application.rb containing the following but my before_create call is not triggered. What's the best approach? module Doorkeeper class Application < ActiveRecord::Base include ApplicationMixin require 'identicon' before_create :generate_identicon def generate_identicon self.identicon =

问题 I'm having trouble with Doorkeeper::TokensController. I want to execute some code before an Access Token is asked for (if it's created or not, I want to log it anyway) using a before_action (default route is POST /oauth/token / Doorkeeper::TokensController#create . I followed the doc here by doing the following: config/routes.rb use_doorkeeper do controllers tokens: 'oauth/access_tokens' end app/controllers/access_tokens_controller.rb class Oauth::AccessTokensController < Doorkeeper:

问题 I've got a Rails API that is using Doorkeeper with the password grant method for Oauth2. Doorkeeper requires both the client_id and client_secret to be sent to the token request ( /oauth/token ), alongside the user's login details and scope. How would I go about doing this in an Angular app? I don't like the idea of storing the client id and secret client side... 回答1: The client_id and client_secret should only be used when your app code is secured, i.g. inside your web server. For browser

问题 Currently I have an access token api with username, password and grant_type as password in my request in rails using doorkeeper. But I need to make client_id and secret as mandatory fields in the request. How can I do that. Can anyone please help to make this. In my doorkeeper.rb config file, resource_owner_from_credentials do |routes| #client = OAuth2::Client.new(request.params[:client_id], request.params[:client_secret], site: "http://localhost:3000/") #auth_url = client.auth_code.authorize

问题 I am building a Rails API and am currently using doorkeeper and devise to authenticate users with the ResourceOwnerFromCredentials flow. All works fine however, I cannot get the authentication to work in Rspec . Here is how am integrating the app in rspec: let(:app_country) { FactoryGirl.create(:app_country)} let(:valid_attributes) { FactoryGirl.attributes_for(:app_city, {:app_country_id => app_country.id}) } let(:valid_session) { {:format => :json} } let(:application) { Doorkeeper:

问题 Is it possible to authorize a User for an Application using the Rails console, or even model code? In certain situations, I want to be able to create and authorize a new user account for a particular application. Essentially I want to be able generate an authorization_code on the command line. 回答1: You need to disable the confirmation feature for the app owner: $ app = Doorkeeper::Application.new :name => 'test', :redirect_uri => 'http://test.com' $ app.owner = User.last # Or any owner class