This tutorial will show you how to implement Doorkeeper in Rails. Doorkeeper is a Ruby gem that allows you to easily add OAuth 2.0 provider functionality to your Ruby on Rails application.
Installing Doorkeeper
Installing Doorkeeper is straightforward; you need to add it to your Gemfile:
    gem 'doorkeeper'

And then run bundle install.
Once you have installed Doorkeeper, you need to run the rails generate doorkeeper:install command to generate the necessary migration files.
After you have run the migrations, you need to add the doorkeeper_for :all method to your routes.rb file.

    Rails.application.routes.draw do
      root to: "home#index"
      # use_doorkeeper is Doorkeeper's route helper; doorkeeper_for :all is not defined inside routes.rb
      use_doorkeeper
      # The rest of your routes...
    end

This will add the /oauth/authorize and /oauth/token routes to your application.
Now you need to create an initializer for Doorkeeper.

    # config/initializers/doorkeeper.rb
    Doorkeeper.configure do
      # other settings...
    end

The most important setting that you need to configure is the resource_owner_authenticator block. This block is used to authenticate the resource owner (usually the current user).
For example, if you are using Devise for authentication, you can use the following code:

    Doorkeeper.configure do
      # other settings...
      resource_owner_authenticator do
        current_user || warden.authenticate!(:scope => :user)
      end
    end

Another important setting is the resource_owner_from_credentials block. This block is used to find the resource owner using the OAuth 2.0 credentials.
For example, if you want to allow users to log in using their username and password, you can use the following code:
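
    Doorkeeper.configure do
      # other settings...
      resource_owner_from_credentials do |routes|
        user = User.find_by(username: params[:username])
        # Return the user only when the password verifies; returning nil rejects the request.
        # valid_password? is the Devise check (with has_secure_password, use authenticate).
        user if user&.valid_password?(params[:password])
      end
    end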
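
Why the lookup in this block has to be paired with a password check, shown as a stand-alone added example (not code from this tutorial, Doorkeeper or Devise). DemoUser, USERS, DUMMY, owner_by_lookup and owner_by_credentials are hypothetical stand-ins, and the account and password are constructed sample data.

```ruby
require "openssl"
require "securerandom"

# Hypothetical stand-in for the User model (not Doorkeeper or Devise code).
class DemoUser
  ITERATIONS = 100_000 # constructed work factor for the demo
  attr_reader :id, :username

  def initialize(id, username, password)
    @id = id
    @username = username
    @salt = SecureRandom.bytes(16)
    @digest = digest(password)
  end

  # Recompute the salted hash and compare it without an early exit.
  def valid_password?(password)
    candidate = digest(password.to_s)
    @digest.bytes.zip(candidate.bytes).reduce(0) { |acc, (a, b)| acc | (a ^ b) }.zero?
  end

  private

  def digest(password)
    OpenSSL::KDF.pbkdf2_hmac(password, salt: @salt, iterations: ITERATIONS,
                                       length: 32, hash: "sha256")
  end
end

# Constructed sample data.
USERS = { "alice" => DemoUser.new(1, "alice", "correct horse battery staple") }.freeze
DUMMY = DemoUser.new(0, "", SecureRandom.hex(16))

# Lookup only: any password yields a resource owner, and therefore a token.
def owner_by_lookup(params)
  USERS[params[:username].to_s]
end

# Lookup plus verification: nil for an unknown user or a wrong password.
def owner_by_credentials(params)
  user = USERS[params[:username].to_s]
  # Unknown usernames are hashed against DUMMY so both failures cost the same.
  verified = (user || DUMMY).valid_password?(params[:password])
  user if verified
end
```
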
Once you have configured the initializer, you can start the server and access the /oauth/applications route to register your first OAuth application.
Auth Token
After you have registered your application, you will be able to get the client_id and client_secret values, which you need to use when making OAuth requests.
You can use the doorkeeper_oauth_token method to get an access token for a given user.
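
    # Doorkeeper persists issued tokens as Doorkeeper::AccessToken records;
    # the application is the one registered at /oauth/applications
    # (here id 1, "My App", redirect URI http://localhost:3000/callback).
    application = Doorkeeper::Application.find(1)
    access_token = Doorkeeper::AccessToken.new(
      resource_owner_id: current_user.id,
      application_id: application.id,
      scopes: "public",
      expires_in: 1.hour.to_i # lifetime in seconds
    )
    access_token.save!
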
This access token can be used to make authenticated requests to your API on behalf of the user.
Summary
Doorkeeper is a Ruby gem that makes it easy to add OAuth 2.0 provider functionality to your Ruby on Rails application.
Installing Doorkeeper is straightforward; you need to add it to your Gemfile and run the rails generate doorkeeper:install command to generate the necessary migration files.
After you have installed Doorkeeper, you need to add the doorkeeper_for :all method to your routes.rb file.
The most important setting that you need to configure is the resource_owner_authenticator block. This block is used to authenticate the resource owner (usually the current user).
Another important setting is the resource_owner_from_credentials block. This block is used to find the resource owner using the OAuth 2.0 credentials.
Finally, you can use the doorkeeper_oauth_token method to get an access token for a given user.
This access token can be used to make authenticated requests to your API on behalf of the user.