doorkeeper | 易学教程

401 Unauthorized — Invalid grant when requesting refresh token in Doorkeeper

阅读更多关于 401 Unauthorized — Invalid grant when requesting refresh token in Doorkeeper

问题 I'm having a trouble in requesting a refresh token, it keep returning an Unauthorized 401 error. I don't know if I'm lacking a parameters that I passed when I did a request. I added the doorkeeper configuration for refresh token. use_refresh_token Here's the request details: {{root_url}}/oauth/token {"refresh_token"=>"034a74c085219fb8297fd8ef9b59f080918f" "format"=>:json, "controller"=>"/oauth/tokens", "action"=>"create", "grant_type"=>"refresh_token", "client_id"=>"<client_id>", "client

Doorkeeper without web views

阅读更多关于 Doorkeeper without web views

问题 I'm using Rails to write an API for mobile application and OAuth seems like a standard way to handle user authorization. If I understand Doorkeeper docs correctly it requires user to be signed in with the website before it grants access for the mobile app. The issue in may case is that there really isn't any website (it may be in the future but for now it's just api). I would like the user creation/signing in etc be handled in the ios application. This makes me wonder if OAuth is the correct

Doorkeeper separate resource server from the authorization server

阅读更多关于 Doorkeeper separate resource server from the authorization server

问题 I am building an ouath 2.0 system in ruby on rails using Doorkeeper. My resource server is protected with doorkeeper_for method and is separate from the authorization server, and i am using the implicit grant flow. So i get the access token from the auth server and then make a request to the resource server in this way: localhsot:3000/pages?access_token=XXXX but when the resource server read the access token it try to looks for the token in its own database and not in the authentication

Oauth2 password grant type with Doorkeeper and Angular

阅读更多关于 Oauth2 password grant type with Doorkeeper and Angular

I've got a Rails API that is using Doorkeeper with the password grant method for Oauth2. Doorkeeper requires both the client_id and client_secret to be sent to the token request ( /oauth/token ), alongside the user's login details and scope. How would I go about doing this in an Angular app? I don't like the idea of storing the client id and secret client side... The client_id and client_secret should only be used when your app code is secured, i.g. inside your web server. For browser web apps and mobile apps the oauth implicit flow or the password flow should be used. In the implicit flow,

Doorkeeper separate resource server from the authorization server

阅读更多关于 Doorkeeper separate resource server from the authorization server

I am building an ouath 2.0 system in ruby on rails using Doorkeeper . My resource server is protected with doorkeeper_for method and is separate from the authorization server, and i am using the implicit grant flow. So i get the access token from the auth server and then make a request to the resource server in this way: localhsot:3000/pages?access_token=XXXX but when the resource server read the access token it try to looks for the token in its own database and not in the authentication server database so i get a 401 Unautorized error. How can i solve this? You should add a database

How to do Application-only authentication in doorkeeper (oauth2)

阅读更多关于 How to do Application-only authentication in doorkeeper (oauth2)

问题 Twitter has application-only authentication for their api: https://dev.twitter.com/docs/auth/application-only-auth Twitter offers applications the ability to issue authenticated requests on behalf of the application itself (as opposed to on behalf of a specific user) I want to do the same with doorkeeper in Rails, but I'm not sure how to do that. It seems to be only possible to authenticate users via a callback url, but how can I access my API using the applications context (only by using the

How to return Doorkeeper access token as json

阅读更多关于 How to return Doorkeeper access token as json

问题 I am trying to create a log in system for an iOS app with a rails back end powered by devise and door keeper. I want to limit the number of network requests so don't want to have to get the token from credentials then get the user details as a separate request. Here is my current attempt: token = Doorkeeper::AccessToken.create!(application_id: @application_id, resource_owner_id: current_user.id, :expires_in => 168.hours) puts token.token render :json => {:user => current_user, :token => token

How to do Application-only authentication in doorkeeper (oauth2)

阅读更多关于 How to do Application-only authentication in doorkeeper (oauth2)

Twitter has application-only authentication for their api: https://dev.twitter.com/docs/auth/application-only-auth Twitter offers applications the ability to issue authenticated requests on behalf of the application itself (as opposed to on behalf of a specific user) I want to do the same with doorkeeper in Rails, but I'm not sure how to do that. It seems to be only possible to authenticate users via a callback url, but how can I access my API using the applications context (only by using the app ID and app secret) My first idea was to do a password credentials login with the app's ID and

How to return Doorkeeper access token as json

阅读更多关于 How to return Doorkeeper access token as json

I am trying to create a log in system for an iOS app with a rails back end powered by devise and door keeper. I want to limit the number of network requests so don't want to have to get the token from credentials then get the user details as a separate request. Here is my current attempt: token = Doorkeeper::AccessToken.create!(application_id: @application_id, resource_owner_id: current_user.id, :expires_in => 168.hours) puts token.token render :json => {:user => current_user, :token => token.as_json(:include=> token)}, status: :ok, location: :users However what is being returned is: {"user":{