Closed poudelprakash closed 5 years ago
    def doorkeeper_authorize!(*scopes)
      @_doorkeeper_scopes = scopes.presence || Doorkeeper.configuration.default_scopes
      unless valid_doorkeeper_token?
        doorkeeper_render_error
      end
    end
Since this function acts as both the point of entry and exit and does not make any call to skip_authorization from the config, I am in doubt whether I understood the feature from the documentation wrong in the first place.
I modified the above function to
    def doorkeeper_authorize!(*scopes)
      @_doorkeeper_scopes = scopes.presence || Doorkeeper.configuration.default_scopes
      return if Doorkeeper.configuration.skip_authorization
      unless valid_doorkeeper_token?
        doorkeeper_render_error
      end
    end
as a workaround.
Would love to hear from the gem developers.
@nbulaj @felipeelias
Related question in stackoverflow from 2014: https://stackoverflow.com/questions/26067209/doorkeeper-skip-authorization-step
@poudelprakash thanks for the report! I'm looking into it right now
The skip_authorization configuration lets users skip this screen:
This was introduced by #166 so users don't need to authorize "trusted applications".
@poudelprakash: and then make api call to any controller that has before_action :doorkeeper_authorize!, make sure not to pass access_token on your api call.
What you need to accomplish this is to skip the before_action on your controller, as stated in this part of the Rails guides: https://guides.rubyonrails.org/action_controller_overview.html#filters
Just note that by doing so, the controller will not require access token to be included in the request, which means that your API is not going to be protected by doorkeeper.
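The distinction drawn in the reply above, as an added plain-Ruby model that is not part of the thread and is not Doorkeeper's code: the skip_authorization block only decides whether the consent screen is shown, while the token check on API actions stays in force unless the filter is skipped for a named action. All classes, constants and the sample token are hypothetical stand-ins constructed for this illustration.

```ruby
# Plain-Ruby model of the two independent checks in this thread.
# Every class, constant and token below is a hypothetical stand-in constructed
# for illustration; none of it is Doorkeeper's implementation.

SAMPLE_TOKENS = { "tok-abc" => %w[read] }.freeze # constructed token => scopes

# Check 1: the authorization endpoint. The skip_authorization block decides
# only whether the resource owner sees the consent screen.
class AuthorizationEndpoint
  def initialize(&skip_authorization)
    @skip_authorization = skip_authorization
  end

  def authorize(resource_owner, client)
    if @skip_authorization.call(resource_owner, client)
      :grant_issued_without_consent_screen
    else
      :consent_screen_rendered
    end
  end
end

# Check 2: the protected API. Like the doorkeeper_authorize! quoted above, it
# looks at the access token only and never consults skip_authorization.
class ApiController
  # Stand-in for `skip_before_action :doorkeeper_authorize!, only: [:status]`.
  UNPROTECTED_ACTIONS = %i[status].freeze

  def process(action, access_token: nil, scope: "read")
    return 200 if UNPROTECTED_ACTIONS.include?(action)
    token_valid?(access_token, scope) ? 200 : 401
  end

  private

  def token_valid?(access_token, scope)
    SAMPLE_TOKENS.fetch(access_token, []).include?(scope)
  end
end

def demo
  endpoint = AuthorizationEndpoint.new { |_owner, client| client[:trusted] }
  api = ApiController.new
  {
    trusted_client:   endpoint.authorize({ id: 1 }, { trusted: true }),
    untrusted_client: endpoint.authorize({ id: 1 }, { trusted: false }),
    api_no_token:     api.process(:index),
    api_with_token:   api.process(:index, access_token: "tok-abc"),
    public_no_token:  api.process(:status)
  }
end
```

Scoping the skip to a named action keeps every other action behind the token check, which is the narrow form of the filter skip the reply describes.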
Steps to reproduce
As per the documentation: https://github.com/doorkeeper-gem/doorkeeper/wiki/Skipping-application-authorization, in your doorkeeper initializer add
and then make api call to any controller that has before_action :doorkeeper_authorize!, make sure not to pass access_token on your api call.
Expected behavior
Skip authorization and get data/response
Actual behavior
got 401
System configuration
Doorkeeper initializer:
Ruby version: ruby 2.3.1p112 (2016-04-26 revision 54768) [x86_64-darwin18]
Gemfile.lock: