doorkeeper-gem / doorkeeper-jwt

JWT Token support for Doorkeeper
MIT License

Implement #valid_doorkeeper_token? to support #doorkeeper_authorize! #37

Open cmitz opened 4 years ago

cmitz commented 4 years ago

In a doorkeeper-protected application, a controller could look like this:

class Api::V1::MyController < ApplicationController
  before_action :doorkeeper_authorize!, only: %i[show create destroy]
  ...
end

However, when using Doorkeeper::JWT to generate access tokens this commonly used pattern breaks since a Doorkeeper::JWT token is just a string...

The before_action :doorkeeper_authorize! way of authenticating calls breaks here, because it expects a doorkeeper_token to implement the acceptable? method: https://github.com/doorkeeper-gem/doorkeeper/blob/4dc432c74a424c85e141b131939faafa98a916fc/lib/doorkeeper/rails/helpers.rb#L16

I have only just started my side project and Doorkeeper is relatively new to me, but would it work if Doorkeeper::JWT tokens extend the token mixin? https://github.com/doorkeeper-gem/doorkeeper/blob/v5.2.1/lib/doorkeeper/models/access_token_mixin.rb#L275

nbulaj commented 4 years ago

Hi @cmitz. I'm not sure I understood your problem.

Doorkeeper::JWT generates a JWT token that is then stored in the database. doorkeeper_authorize! retrieves the token from the request, finds a Doorkeeper::AccessToken instance using it and then checks the scopes.

So I'm not sure which issue you're describing. Maybe you could prepare an RSpec example to show it? Thanks!
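To make the contract nbulaj describes concrete, here is a simplified, added model of what doorkeeper_authorize! relies on: the bearer value is pulled from the request, used to look up a persisted token record, and that record (not the raw string) must answer acceptable? for the required scopes. This is illustrative code written for this thread, not Doorkeeper's or Doorkeeper::JWT's own; FakeAccessToken, TOKENS, find_token and authorize are invented names, and the token values and "database" hash are constructed.

```ruby
# Added illustration (not Doorkeeper code): a cut-down model of the
# doorkeeper_token contract. All class, method and token names are assumptions.
require "time"

# Stand-in for a persisted access-token row. Doorkeeper::JWT only changes the
# *value* of the stored token string; lookup and scope checks still run on a
# record like this one, which is why a bare String cannot satisfy the helper.
class FakeAccessToken
  attr_reader :token, :scopes, :expires_at, :revoked_at

  def initialize(token:, scopes:, expires_at:, revoked_at: nil)
    @token = token
    @scopes = scopes
    @expires_at = expires_at
    @revoked_at = revoked_at
  end

  def expired?
    Time.now >= expires_at
  end

  def revoked?
    !revoked_at.nil?
  end

  # Usable at all: neither expired nor revoked.
  def accessible?
    !expired? && !revoked?
  end

  # The method the helper calls: usable *and* covering every required scope.
  # An empty requirement means "any valid token is fine".
  def acceptable?(required_scopes)
    return false unless accessible?
    required_scopes.nil? || required_scopes.empty? || (required_scopes - scopes).empty?
  end
end

# Constructed "database": token value => record. The values are placeholders
# shaped like JWTs, not real signed tokens.
TOKENS = {
  "header.payload.sig" => FakeAccessToken.new(
    token: "header.payload.sig", scopes: %w[read write], expires_at: Time.now + 3600
  ),
  "expired.jwt.value" => FakeAccessToken.new(
    token: "expired.jwt.value", scopes: %w[read], expires_at: Time.now - 60
  ),
}.freeze

# Extracts the bearer value from an Authorization header and resolves it to a
# record. Returns nil when the header is missing, malformed or unknown.
def find_token(authorization_header)
  return nil unless authorization_header.is_a?(String)

  m = /\ABearer\s+(\S+)\z/.match(authorization_header.strip)
  m && TOKENS[m[1]]
end

# What a before_action would decide: :ok, :unauthorized (no usable token,
# typically a 401) or :forbidden (token valid but scopes insufficient, a 403).
def authorize(authorization_header, *required_scopes)
  token = find_token(authorization_header)
  return :unauthorized if token.nil? || !token.accessible?

  token.acceptable?(required_scopes) ? :ok : :forbidden
end

if __FILE__ == $PROGRAM_NAME
  puts authorize("Bearer header.payload.sig", "read")   # :ok
  puts authorize("Bearer header.payload.sig", "admin")  # :forbidden
  puts authorize("Bearer expired.jwt.value", "read")    # :unauthorized
end
```

The distinction the model draws between :unauthorized and :forbidden is the one worth preserving in any real implementation: an expired, revoked or unknown token and a valid token lacking a scope are different failures and should be logged and surfaced differently.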

cmitz commented 4 years ago

I encountered this in a hobby application that I threw away when I finished playing with it, so I can't reproduce it very easily. I recall getting an error that acceptable? was not a function defined for String. So somewhere in the logic the token got converted to a string...

I will try to find some time in the coming days to try and come up with an RSpec example.

nbulaj commented 4 years ago

I recall getting an error that acceptable? was not a function defined for String. So somewhere in the logic the token got converted to a string...

This is super strange just because doorkeeper_token must be an instance of Doorkeeper::AccessToken (https://github.com/doorkeeper-gem/doorkeeper/blob/4dc432c74a424c85e141b131939faafa98a916fc/lib/doorkeeper/rails/helpers.rb#L72-L77) that implements this method, and not a string :thinking: