doorkeeper-gem / doorkeeper

Doorkeeper is an OAuth 2 provider for Ruby on Rails / Grape.
https://doorkeeper.gitbook.io/guides/
MIT License

Getting 401 Unauthorized even after setting up skip_authorization #1219

Closed poudelprakash closed 5 years ago

poudelprakash commented 5 years ago

Steps to reproduce

As per the documentation: https://github.com/doorkeeper-gem/doorkeeper/wiki/Skipping-application-authorization, in your doorkeeper initializer add

skip_authorization do
  true
end

and then make an API call to any controller that has before_action :doorkeeper_authorize!; make sure not to pass an access_token on your API call.

Expected behavior

Skip authorization and get data/response

Actual behavior

Got 401.

System configuration

Doorkeeper initializer:

Doorkeeper.configure do
  # Change the ORM that doorkeeper will use (needs plugins)
  orm :active_record

  # This block will be called to check whether the resource owner is authenticated or not.
  resource_owner_authenticator do
    raise "Please configure doorkeeper resource_owner_authenticator block located in #{__FILE__}"
    # Put your resource owner authentication logic here.
    # Example implementation:
    #   User.find_by_id(session[:user_id]) || redirect_to(new_user_session_url)
  end

  resource_owner_from_credentials do
    user = User.find_for_database_authentication(email: params[:email])
    if user && user.valid_for_authentication? { user.valid_password?(params[:password]) }
      user
    end
  end

  # If you want to restrict access to the web interface for adding oauth authorized applications,
  # you need to declare the block below.
  # admin_authenticator do
  #   # Put your admin authentication logic here.
  #   # Example implementation:
  #   Admin.find_by_id(session[:admin_id]) || redirect_to(new_admin_session_url)
  # end

  # Authorization Code expiration time (default 10 minutes).
  # authorization_code_expires_in 10.minutes

  # Access token expiration time (default 2 hours).
  # If you want to disable expiration, set this to nil.
  access_token_expires_in Utils.parse_duration(ENV.fetch('DOORKEEPER_TOKEN_EXPIRATION'))

  # Assign a custom TTL for implicit grants.
  # custom_access_token_expires_in do |oauth_client|
  #   oauth_client.application.additional_settings.implicit_oauth_expiration
  # end

  # Use a custom class for generating the access token.
  # https://github.com/doorkeeper-gem/doorkeeper#custom-access-token-generator
  # access_token_generator '::Doorkeeper::JWT'

  # The controller Doorkeeper::ApplicationController inherits from.
  # Defaults to ActionController::Base.
  # https://github.com/doorkeeper-gem/doorkeeper#custom-base-controller
  base_controller 'ApplicationController'

  # Reuse access token for the same resource owner within an application (disabled by default)
  # Rationale: https://github.com/doorkeeper-gem/doorkeeper/issues/383
  # reuse_access_token

  # Issue access tokens with refresh token (disabled by default)
  use_refresh_token

  # Provide support for an owner to be assigned to each registered application (disabled by default)
  # Optional parameter confirmation: true (default false) if you want to enforce ownership of
  # a registered application
  # Note: you must also run the rails g doorkeeper:application_owner generator to provide the necessary support
  # enable_application_owner confirmation: false

  # Define access token scopes for your provider
  # For more information go to
  # https://github.com/doorkeeper-gem/doorkeeper/wiki/Using-Scopes
  # default_scopes  :public
  # optional_scopes :write, :update

  # Change the way client credentials are retrieved from the request object.
  # By default it retrieves first from the `HTTP_AUTHORIZATION` header, then
  # falls back to the `:client_id` and `:client_secret` params from the `params` object.
  # Check out the wiki for more information on customization
  # client_credentials :from_basic, :from_params

  # Change the way access token is authenticated from the request object.
  # By default it retrieves first from the `HTTP_AUTHORIZATION` header, then
  # falls back to the `:access_token` or `:bearer_token` params from the `params` object.
  # Check out the wiki for more information on customization
  # access_token_methods :from_bearer_authorization, :from_access_token_param, :from_bearer_param

  # Change the native redirect uri for client apps
  # When clients register with the following redirect uri, they won't be redirected to any server and
  # the authorization code will be displayed within the provider
  # The value can be any string. Use nil to disable this feature. When disabled, clients must provide a valid URL
  # (Similar behaviour: https://developers.google.com/accounts/docs/OAuth2InstalledApp#choosingredirecturi)
  #
  # native_redirect_uri 'urn:ietf:wg:oauth:2.0:oob'

  # Forces the usage of the HTTPS protocol in non-native redirect uris (enabled
  # by default in non-development environments). OAuth2 delegates security in
  # communication to the HTTPS protocol so it is wise to keep this enabled.
  #
  # force_ssl_in_redirect_uri !Rails.env.development?

  # Specify what grant flows are enabled in array of Strings. The valid
  # strings and the flows they enable are:
  #
  # "authorization_code" => Authorization Code Grant Flow
  # "implicit"           => Implicit Grant Flow
  # "password"           => Resource Owner Password Credentials Grant Flow
  # "client_credentials" => Client Credentials Grant Flow
  #
  # If not specified, Doorkeeper enables authorization_code and
  # client_credentials.
  #
  # implicit and password grant flows have risks that you should understand
  # before enabling:
  #   http://tools.ietf.org/html/rfc6819#section-4.4.2
  #   http://tools.ietf.org/html/rfc6819#section-4.4.3
  #
  grant_flows %w(oauth_credentials password)

  # Under some circumstances you might want to have applications auto-approved,
  # so that the user skips the authorization step.
  # For example if dealing with a trusted application.
  skip_authorization do
    true
  end

  # WWW-Authenticate Realm (default "Doorkeeper").
  # realm "Doorkeeper"
end

Ruby version: ruby 2.3.1p112 (2016-04-26 revision 54768) [x86_64-darwin18]

Gemfile.lock:

GIT
  remote: https://github.com/nimbl3/discourse_api.git
  revision: a414b6b003098de25594fc146c23296f73b20e5b
  tag: nimbl3/v0.17.2
  specs:
    discourse_api (0.17.0)
      faraday (~> 0.9)
      faraday_middleware (~> 0.10)
      rack (>= 1.6)

GIT
  remote: https://github.com/nimbl3/travelpayouts_api.git
  revision: c628ef3994d7f5fd97e9b8cbb7577bdbce846f75
  tag: 1.0.2
  specs:
    travelpayouts_api (1.0.1)
      hashie
      rest-client

PATH
  remote: engines/my_app_admin
  specs:
    my_app_admin (0.1.0)
      devise
      filestack-rails
      rails (~> 5.0.0)
      rails_admin (~> 1.0)
      rails_admin_import (~> 2.0)

PATH
  remote: engines/my_app_api
  specs:
    my_app_api (0.1.0)
      active_model_serializers (= 0.10.4)
      doorkeeper
      google_currency
      kaminari
      money
      rails (~> 5.0.0)

PATH
  remote: engines/my_app_frontend
  specs:
    my_app_frontend (0.1.0)
      devise
      devise_invitable
      omniauth
      omniauth-facebook
      omniauth-google-oauth2
      rails (~> 5.0.0)
      react_on_rails (~> 6)

GEM
  remote: https://rubygems.org/
  specs:
    actioncable (5.0.0)
      actionpack (= 5.0.0)
      nio4r (~> 1.2)
      websocket-driver (~> 0.6.1)
    actionmailer (5.0.0)
      actionpack (= 5.0.0)
      actionview (= 5.0.0)
      activejob (= 5.0.0)
      mail (~> 2.5, >= 2.5.4)
      rails-dom-testing (~> 2.0)
    actionpack (5.0.0)
      actionview (= 5.0.0)
      activesupport (= 5.0.0)
      rack (~> 2.0)
      rack-test (~> 0.6.3)
      rails-dom-testing (~> 2.0)
      rails-html-sanitizer (~> 1.0, >= 1.0.2)
    actionview (5.0.0)
      activesupport (= 5.0.0)
      builder (~> 3.1)
      erubis (~> 2.7.0)
      rails-dom-testing (~> 2.0)
      rails-html-sanitizer (~> 1.0, >= 1.0.2)
    active_model_serializers (0.10.4)
      actionpack (>= 4.1, < 6)
      activemodel (>= 4.1, < 6)
      case_transform (>= 0.2)
      jsonapi (= 0.1.1.beta6)
    activejob (5.0.0)
      activesupport (= 5.0.0)
      globalid (>= 0.3.6)
    activemodel (5.0.0)
      activesupport (= 5.0.0)
    activerecord (5.0.0)
      activemodel (= 5.0.0)
      activesupport (= 5.0.0)
      arel (~> 7.0)
    activesupport (5.0.0)
      concurrent-ruby (~> 1.0, >= 1.0.2)
      i18n (~> 0.7)
      minitest (~> 5.1)
      tzinfo (~> 1.1)
    acts_as_commentable_with_threading (2.0.1)
      activerecord (>= 4.0)
      activesupport (>= 4.0)
      awesome_nested_set (>= 3.0)
    addressable (2.5.2)
      public_suffix (>= 2.0.2, < 4.0)
    arel (7.1.4)
    ast (2.3.0)
    awesome_nested_set (3.1.1)
      activerecord (>= 4.0.0, < 5.1)
    awesome_print (1.7.0)
    axiom-types (0.1.1)
      descendants_tracker (~> 0.0.4)
      ice_nine (~> 0.11.0)
      thread_safe (~> 0.3, >= 0.3.1)
    bcrypt (3.1.11)
    better_errors (2.1.1)
      coderay (>= 1.0.0)
      erubis (>= 2.6.6)
      rack (>= 0.9.0)
    binding_of_caller (0.7.2)
      debug_inspector (>= 0.0.1)
    brakeman (3.4.0)
    builder (3.2.2)
    bullet (5.4.2)
      activesupport (>= 3.0.0)
      uniform_notifier (~> 1.10.0)
    byebug (9.0.6)
    cancancan (1.15.0)
    capybara (2.11.0)
      addressable
      mime-types (>= 1.16)
      nokogiri (>= 1.3.3)
      rack (>= 1.0.0)
      rack-test (>= 0.5.4)
      xpath (~> 2.0)
    case_transform (0.2)
      activesupport
    chewy (0.9.0)
      activesupport (>= 3.2)
      elasticsearch (>= 1.0.0)
    childprocess (0.5.9)
      ffi (~> 1.0, >= 1.0.11)
    cliver (0.3.2)
    code_analyzer (0.4.8)
      sexp_processor
    codeclimate-engine-rb (0.4.0)
      virtus (~> 1.0)
    coderay (1.1.1)
    coercible (1.0.0)
      descendants_tracker (~> 0.0.1)
    coffee-rails (4.2.2)
      coffee-script (>= 2.2.0)
      railties (>= 4.0.0)
    coffee-script (2.4.1)
      coffee-script-source
      execjs
    coffee-script-source (1.12.2)
    colorize (0.8.1)
    concurrent-ruby (1.0.5)
    connection_pool (2.2.0)
    countries (3.0.0)
      i18n_data (~> 0.8.0)
      sixarm_ruby_unaccent (~> 1.1)
      unicode_utils (~> 1.4)
    crack (0.4.3)
      safe_yaml (~> 1.0.0)
    css_parser (1.4.6)
      addressable
    database_cleaner (1.5.3)
    debug_inspector (0.0.2)
    declarative (0.0.10)
    declarative-option (0.1.0)
    descendants_tracker (0.0.4)
      thread_safe (~> 0.3, >= 0.3.1)
    devise (4.2.0)
      bcrypt (~> 3.0)
      orm_adapter (~> 0.1)
      railties (>= 4.1.0, < 5.1)
      responders
      warden (~> 1.2.3)
    devise_invitable (1.7.0)
      actionmailer (>= 4.0.0)
      devise (>= 4.0.0)
    diff-lcs (1.2.5)
    docile (1.1.5)
    domain_name (0.5.20170223)
      unf (>= 0.0.5, < 1.0.0)
    doorkeeper (4.2.6)
      railties (>= 4.2)
    elasticsearch (5.0.3)
      elasticsearch-api (= 5.0.3)
      elasticsearch-transport (= 5.0.3)
    elasticsearch-api (5.0.3)
      multi_json
    elasticsearch-transport (5.0.3)
      faraday
      multi_json
    equalizer (0.0.11)
    erubis (2.7.0)
    execjs (2.7.0)
    fabrication (2.16.0)
    faraday (0.9.2)
      multipart-post (>= 1.2, < 3)
    faraday_middleware (0.12.2)
      faraday (>= 0.7.4, < 1.0)
    ffaker (2.2.0)
    ffi (1.9.14)
    figaro (1.1.1)
      thor (~> 0.14)
    filestack-rails (2.2.0)
      rails (>= 3.2)
    flay (2.8.1)
      erubis (~> 2.7.0)
      path_expander (~> 1.0)
      ruby_parser (~> 3.0)
      sexp_processor (~> 4.0)
    flog (4.4.0)
      path_expander (~> 1.0)
      ruby_parser (~> 3.1, > 3.1.0)
      sexp_processor (~> 4.4)
    font-awesome-rails (4.7.0.2)
      railties (>= 3.2, < 5.2)
    foreman (0.82.0)
      thor (~> 0.19.1)
    formatador (0.2.5)
    geokit (1.13.1)
    geokit-rails (2.3.1)
      geokit (~> 1.5)
      rails (>= 3.0)
    gitlab (4.4.0)
      httparty (>= 0.14.0)
      terminal-table (>= 1.5.1)
    globalid (0.3.7)
      activesupport (>= 4.1.0)
    google-api-client (0.28.1)
      addressable (~> 2.5, >= 2.5.1)
      googleauth (>= 0.5, < 0.10.0)
      httpclient (>= 2.8.1, < 3.0)
      mime-types (~> 3.0)
      representable (~> 3.0)
      retriable (>= 2.0, < 4.0)
      signet (~> 0.10)
    google_currency (3.4.0)
      money (~> 6.7)
    googleauth (0.5.1)
      faraday (~> 0.9)
      jwt (~> 1.4)
      logging (~> 2.0)
      memoist (~> 0.12)
      multi_json (~> 1.11)
      os (~> 0.9)
      signet (~> 0.7)
    guard (2.14.0)
      formatador (>= 0.2.4)
      listen (>= 2.7, < 4.0)
      lumberjack (~> 1.0)
      nenv (~> 0.1)
      notiffany (~> 0.0)
      pry (>= 0.9.12)
      shellany (~> 0.0)
      thor (>= 0.18.1)
    guard-bundler (2.1.0)
      bundler (~> 1.0)
      guard (~> 2.2)
      guard-compat (~> 1.1)
    guard-compat (1.2.1)
    guard-foreman (0.0.4)
      guard (~> 2.6)
      spoon (~> 0.0, >= 0.0.4)
    guard-rubocop (1.2.0)
      guard (~> 2.0)
      rubocop (~> 0.20)
    haml (4.0.7)
      tilt
    hashdiff (0.3.0)
    hashie (3.4.6)
    http-cookie (1.0.3)
      domain_name (~> 0.5)
    httparty (0.16.2)
      multi_xml (>= 0.5.2)
    httpclient (2.8.3)
    i18n (0.8.6)
    i18n-js (3.0.0)
      i18n (~> 0.6, >= 0.6.6)
    i18n_data (0.8.0)
    ice_nine (0.11.2)
    jquery-rails (4.2.1)
      rails-dom-testing (>= 1, < 3)
      railties (>= 4.2.0)
      thor (>= 0.14, < 2.0)
    jquery-ui-rails (5.0.5)
      railties (>= 3.2.16)
    json (1.8.3)
    json-schema (2.2.5)
    json_matchers (0.5.0)
      activesupport (>= 3.0.0)
      json-schema (~> 2.2.5)
    jsonapi (0.1.1.beta6)
      jsonapi-parser (= 0.1.1.beta3)
      jsonapi-renderer (= 0.1.1.beta1)
    jsonapi-parser (0.1.1.beta3)
    jsonapi-renderer (0.1.1.beta1)
    jwt (1.5.6)
    kaminari (0.17.0)
      actionpack (>= 3.0.0)
      activesupport (>= 3.0.0)
    launchy (2.4.3)
      addressable (~> 2.3)
    letter_opener (1.4.1)
      launchy (~> 2.2)
    letter_opener_web (1.2.3)
      letter_opener (~> 1.0)
      rails (>= 3.2)
    listen (3.0.8)
      rb-fsevent (~> 0.9, >= 0.9.4)
      rb-inotify (~> 0.9, >= 0.9.7)
    little-plugger (1.1.4)
    livingstyleguide (2.0.1)
      minisyntax (>= 0.2.5)
      redcarpet
      sass
      thor
      tilt
    logging (2.2.2)
      little-plugger (~> 1.1)
      multi_json (~> 1.10)
    loofah (2.0.3)
      nokogiri (>= 1.5.9)
    lumberjack (1.0.10)
    mail (2.6.4)
      mime-types (>= 1.16, < 4)
    memoist (0.16.0)
    method_source (0.8.2)
    mime-types (3.2.2)
      mime-types-data (~> 3.2015)
    mime-types-data (3.2018.0812)
    mini_portile2 (2.1.0)
    minisyntax (0.2.5)
    minitest (5.10.1)
    money (6.9.0)
      i18n (>= 0.6.4, < 0.9)
    multi_json (1.13.1)
    multi_xml (0.5.5)
    multipart-post (2.0.0)
    nenv (0.3.0)
    nested_form (0.3.2)
    netrc (0.11.0)
    newrelic_rpm (5.4.0.347)
    nio4r (1.2.1)
    nokogiri (1.6.8.1)
      mini_portile2 (~> 2.1.0)
    notiffany (0.1.1)
      nenv (~> 0.1)
      shellany (~> 0.0)
    oauth2 (1.2.0)
      faraday (>= 0.8, < 0.10)
      jwt (~> 1.0)
      multi_json (~> 1.3)
      multi_xml (~> 0.5)
      rack (>= 1.2, < 3)
    octokit (4.9.0)
      sawyer (~> 0.8.0, >= 0.5.3)
    omniauth (1.3.1)
      hashie (>= 1.2, < 4)
      rack (>= 1.0, < 3)
    omniauth-facebook (4.0.0)
      omniauth-oauth2 (~> 1.2)
    omniauth-google-oauth2 (0.4.1)
      jwt (~> 1.5.2)
      multi_json (~> 1.3)
      omniauth (>= 1.1.1)
      omniauth-oauth2 (>= 1.3.1)
    omniauth-oauth2 (1.4.0)
      oauth2 (~> 1.0)
      omniauth (~> 1.2)
    orm_adapter (0.5.0)
    os (0.9.6)
    paranoia (2.2.0)
      activerecord (>= 4.0, < 5.1)
    parser (2.3.1.2)
      ast (~> 2.2)
    path_expander (1.0.0)
    pg (0.19.0)
    poltergeist (1.12.0)
      capybara (~> 2.1)
      cliver (~> 0.3.1)
      websocket-driver (>= 0.2.0)
    powerpack (0.1.1)
    pronto (0.9.5)
      gitlab (~> 4.0, >= 4.0.0)
      httparty (>= 0.13.7)
      octokit (~> 4.7, >= 4.7.0)
      rainbow (~> 2.1)
      rugged (~> 0.24, >= 0.23.0)
      thor (~> 0.19.0)
    pronto-brakeman (0.9.1)
      brakeman (>= 3.2.0)
      pronto (~> 0.9.0)
    pronto-dirty_words (0.9.0)
      pronto (~> 0.9.0)
      rugged (~> 0.24, >= 0.23.0)
    pronto-flay (0.9.0)
      flay (~> 2.8)
      pronto (~> 0.9.0)
    pronto-rails_best_practices (0.9.0)
      pronto (~> 0.9.0)
      rails_best_practices (~> 1.16, >= 1.15.0)
    pronto-rails_schema (0.9.1)
      pronto (~> 0.9.0)
    pronto-reek (0.9.0)
      pronto (~> 0.9.0)
      reek (~> 4.2)
    pronto-rubocop (0.9.0)
      pronto (~> 0.9.0)
      rubocop (~> 0.38, >= 0.35.0)
    pronto-scss (0.9.1)
      pronto (~> 0.9.0)
      scss_lint (~> 0.43, >= 0.43.0)
    pry (0.10.4)
      coderay (~> 1.1.0)
      method_source (~> 0.8.1)
      slop (~> 3.4)
    pry-rails (0.3.4)
      pry (>= 0.9.10)
    public_suffix (3.0.3)
    puma (3.6.0)
    rack (2.0.1)
    rack-pjax (1.0.0)
      nokogiri (~> 1.5)
      rack (>= 1.1)
    rack-protection (1.5.3)
      rack
    rack-test (0.6.3)
      rack (>= 1.0)
    rack-timeout (0.4.2)
    rails (5.0.0)
      actioncable (= 5.0.0)
      actionmailer (= 5.0.0)
      actionpack (= 5.0.0)
      actionview (= 5.0.0)
      activejob (= 5.0.0)
      activemodel (= 5.0.0)
      activerecord (= 5.0.0)
      activesupport (= 5.0.0)
      bundler (>= 1.3.0, < 2.0)
      railties (= 5.0.0)
      sprockets-rails (>= 2.0.0)
    rails-controller-testing (1.0.1)
      actionpack (~> 5.x)
      actionview (~> 5.x)
      activesupport (~> 5.x)
    rails-dom-testing (2.0.1)
      activesupport (>= 4.2.0, < 6.0)
      nokogiri (~> 1.6.0)
    rails-html-sanitizer (1.0.3)
      loofah (~> 2.0)
    rails_admin (1.2.0)
      builder (~> 3.1)
      coffee-rails (~> 4.0)
      font-awesome-rails (>= 3.0, < 5)
      haml (>= 4.0, < 6)
      jquery-rails (>= 3.0, < 5)
      jquery-ui-rails (~> 5.0)
      kaminari (>= 0.14, < 2.0)
      nested_form (~> 0.3)
      rack-pjax (>= 0.7)
      rails (>= 4.0, < 6)
      remotipart (~> 1.3)
      sass-rails (>= 4.0, < 6)
    rails_admin_import (2.0.0)
      haml (~> 4.0)
      rails (>= 3.2)
      rails_admin (>= 0.6.6)
      rchardet (~> 1.6)
      simple_xlsx_reader (~> 1.0)
    rails_best_practices (1.19.2)
      activesupport
      code_analyzer (>= 0.4.8)
      erubis
      i18n
      json
      require_all (~> 2.0)
      ruby-progressbar
    railties (5.0.0)
      actionpack (= 5.0.0)
      activesupport (= 5.0.0)
      method_source
      rake (>= 0.8.7)
      thor (>= 0.18.1, < 2.0)
    rainbow (2.1.0)
    rake (11.3.0)
    rb-fsevent (0.9.8)
    rb-inotify (0.9.7)
      ffi (>= 0.5.0)
    rchardet (1.6.1)
    react_on_rails (6.1.2)
      addressable
      connection_pool
      execjs (~> 2.5)
      foreman
      rails (>= 3.2)
      rainbow (~> 2.1)
    redcarpet (3.4.0)
    redis (3.3.2)
    reek (4.5.1)
      codeclimate-engine-rb (~> 0.4.0)
      parser (~> 2.3.1, >= 2.3.1.2)
      rainbow (~> 2.0)
    remotipart (1.3.1)
    representable (3.0.4)
      declarative (< 0.1.0)
      declarative-option (< 0.2.0)
      uber (< 0.2.0)
    require_all (2.0.0)
    responders (2.3.0)
      railties (>= 4.2.0, < 5.1)
    rest-client (2.0.1)
      http-cookie (>= 1.0.2, < 2.0)
      mime-types (>= 1.16, < 4.0)
      netrc (~> 0.8)
    retriable (3.1.2)
    roadie (3.2.0)
      css_parser (~> 1.4.5)
      nokogiri (>= 1.5.0, < 1.7.0)
    roadie-rails (1.1.1)
      railties (>= 3.0, < 5.1)
      roadie (~> 3.1)
    rspec-core (3.5.4)
      rspec-support (~> 3.5.0)
    rspec-expectations (3.5.0)
      diff-lcs (>= 1.2.0, < 2.0)
      rspec-support (~> 3.5.0)
    rspec-mocks (3.5.0)
      diff-lcs (>= 1.2.0, < 2.0)
      rspec-support (~> 3.5.0)
    rspec-rails (3.5.2)
      actionpack (>= 3.0)
      activesupport (>= 3.0)
      railties (>= 3.0)
      rspec-core (~> 3.5.0)
      rspec-expectations (~> 3.5.0)
      rspec-mocks (~> 3.5.0)
      rspec-support (~> 3.5.0)
    rspec-retry (0.5.3)
      rspec-core (> 3.3, < 3.6)
    rspec-support (3.5.0)
    rubocop (0.45.0)
      parser (>= 2.3.1.1, < 3.0)
      powerpack (~> 0.1)
      rainbow (>= 1.99.1, < 3.0)
      ruby-progressbar (~> 1.7)
      unicode-display_width (~> 1.0, >= 1.0.1)
    ruby-oembed (0.10.1)
    ruby-progressbar (1.8.1)
    ruby_parser (3.8.3)
      sexp_processor (~> 4.1)
    rubycritic (2.9.4)
      colorize
      flay (~> 2.8)
      flog (~> 4.4)
      launchy (= 2.4.3)
      parser (= 2.3.1.2)
      reek (~> 4.4)
      ruby_parser (~> 3.8)
      virtus (~> 1.0)
    rubyzip (1.2.0)
    rugged (0.27.2)
    safe_yaml (1.0.4)
    sass (3.4.22)
    sass-rails (5.0.6)
      railties (>= 4.0.0, < 6)
      sass (~> 3.1)
      sprockets (>= 2.8, < 4.0)
      sprockets-rails (>= 2.0, < 4.0)
      tilt (>= 1.1, < 3)
    sassc (1.11.4)
      bundler
      ffi (~> 1.9.6)
      sass (>= 3.3.0)
    sassc-rails (1.3.0)
      railties (>= 4.0.0)
      sass
      sassc (~> 1.9)
      sprockets (> 2.11)
      sprockets-rails
      tilt
    sawyer (0.8.1)
      addressable (>= 2.3.5, < 2.6)
      faraday (~> 0.8, < 1.0)
    scss_lint (0.55.0)
      rake (>= 0.9, < 13)
      sass (~> 3.4.20)
    selenium-webdriver (2.53.4)
      childprocess (~> 0.5)
      rubyzip (~> 1.0)
      websocket (~> 1.0)
    sentry-raven (2.6.3)
      faraday (>= 0.7.6, < 1.0)
    sexp_processor (4.7.0)
    shellany (0.0.1)
    shoulda-matchers (3.1.1)
      activesupport (>= 4.0.0)
    sidekiq (4.2.6)
      concurrent-ruby (~> 1.0)
      connection_pool (~> 2.2, >= 2.2.0)
      rack-protection (>= 1.5.0)
      redis (~> 3.2, >= 3.2.1)
    signet (0.11.0)
      addressable (~> 2.3)
      faraday (~> 0.9)
      jwt (>= 1.5, < 3.0)
      multi_json (~> 1.10)
    simple_xlsx_reader (1.0.2)
      nokogiri
      rubyzip
    simplecov (0.12.0)
      docile (~> 1.1.0)
      json (>= 1.8, < 3)
      simplecov-html (~> 0.10.0)
    simplecov-html (0.10.0)
    sixarm_ruby_unaccent (1.2.0)
    slim (3.0.7)
      temple (~> 0.7.6)
      tilt (>= 1.3.3, < 2.1)
    slop (3.6.0)
    spoon (0.0.6)
      ffi
    spring (2.0.0)
      activesupport (>= 4.2)
    spring-watcher-listen (2.0.1)
      listen (>= 2.7, < 4.0)
      spring (>= 1.2, < 3.0)
    sprockets (3.7.0)
      concurrent-ruby (~> 1.0)
      rack (> 1, < 3)
    sprockets-rails (3.2.0)
      actionpack (>= 4.0)
      activesupport (>= 4.0)
      sprockets (>= 3.0.0)
    squasher (0.4.0)
    stringex (2.7.1)
    temple (0.7.7)
    terminal-table (1.8.0)
      unicode-display_width (~> 1.1, >= 1.1.1)
    thor (0.19.1)
    thread_safe (0.3.6)
    tilt (2.0.5)
    timecop (0.8.1)
    tzinfo (1.2.2)
      thread_safe (~> 0.1)
    uber (0.1.0)
    uglifier (3.0.3)
      execjs (>= 0.3.0, < 3)
    unf (0.1.4)
      unf_ext
    unf_ext (0.0.7.2)
    unicode-display_width (1.1.1)
    unicode_utils (1.4.0)
    uniform_notifier (1.10.0)
    vcr (3.0.3)
    virtus (1.0.5)
      axiom-types (~> 0.1)
      coercible (~> 1.0)
      descendants_tracker (~> 0.0, >= 0.0.3)
      equalizer (~> 0.0, >= 0.0.9)
    warden (1.2.6)
      rack (>= 1.0)
    webmock (2.1.0)
      addressable (>= 2.3.6)
      crack (>= 0.3.2)
      hashdiff
    websocket (1.2.3)
    websocket-driver (0.6.4)
      websocket-extensions (>= 0.1.0)
    websocket-extensions (0.1.2)
    whacamole (1.2.0)
    xpath (2.0.0)
      nokogiri (~> 1.3)

PLATFORMS
  ruby

DEPENDENCIES
  acts_as_commentable_with_threading
  awesome_print
  better_errors
  binding_of_caller
  brakeman
  bullet
  byebug
  cancancan
  capybara
  chewy
  countries
  database_cleaner
  devise
  discourse_api!
  fabrication
  ffaker
  figaro
  geokit-rails
  google-api-client
  guard-bundler
  guard-foreman
  guard-rubocop
  i18n-js (= 3.0.0)
  jquery-rails
  json_matchers
  letter_opener
  letter_opener_web
  listen (~> 3.0.5)
  livingstyleguide (~> 2.0)
  newrelic_rpm
  paranoia
  pg
  poltergeist
  pronto
  pronto-brakeman
  pronto-dirty_words
  pronto-flay
  pronto-rails_best_practices
  pronto-rails_schema
  pronto-reek
  pronto-rubocop
  pronto-scss
  pry-rails
  puma
  rack-timeout
  rails (= 5.0.0)
  rails-controller-testing
  rest-client
  roadie-rails
  rspec-rails (= 3.5.2)
  rspec-retry
  ruby-oembed
  rubycritic
  sass-rails
  sassc-rails
  selenium-webdriver (= 2.53.4)
  sentry-raven
  shoulda-matchers (= 3.1.1)
  sidekiq
  simplecov
  slim
  spring
  spring-watcher-listen (~> 2.0.0)
  squasher
  stringex
  timecop
  my_app_admin!
  my_app_api!
  my_app_frontend!
  travelpayouts_api!
  uglifier
  vcr
  webmock
  whacamole

RUBY VERSION
   ruby 2.3.1p112

BUNDLED WITH
   1.17.1

poudelprakash commented 5 years ago
      def doorkeeper_authorize!(*scopes)
        @_doorkeeper_scopes = scopes.presence || Doorkeeper.configuration.default_scopes
        unless valid_doorkeeper_token?
          doorkeeper_render_error
        end
      end

Since this function acts as both the point of entry and exit and does not make any call to skip_authorization from the config, I am in doubt whether I understood the feature from the documentation wrong in the first place.

I modified the above function to

      def doorkeeper_authorize!(*scopes)
        @_doorkeeper_scopes = scopes.presence || Doorkeeper.configuration.default_scopes
        return if Doorkeeper.configuration.skip_authorization
        unless valid_doorkeeper_token?
          doorkeeper_render_error
        end
      end

as a workaround.

Would love to hear from the gem developers.

poudelprakash commented 5 years ago

@nbulaj @felipeelias

poudelprakash commented 5 years ago

Related question on Stack Overflow from 2014: https://stackoverflow.com/questions/26067209/doorkeeper-skip-authorization-step

felipeelias commented 5 years ago

@poudelprakash thanks for the report! I'm looking into it right now

felipeelias commented 5 years ago

The skip_authorization configuration lets users skip this screen:

(Screenshot: "OAuth authorization required" consent page, 2019-03-21)

This was introduced by #166 so users don't need to authorize "trusted applications".

@poudelprakash: and then make an API call to any controller that has before_action :doorkeeper_authorize!; make sure not to pass an access_token on your API call.

What you need to accomplish this is to skip the before_action on your controller, as stated in this part of the Rails guides: https://guides.rubyonrails.org/action_controller_overview.html#filters

Just note that by doing so, the controller will not require an access token to be included in the request, which means that your API is not going to be protected by Doorkeeper.
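As an added illustration (not Doorkeeper's own code), the following stand-alone Ruby model separates the two decision points discussed in this thread: the consent screen, which is the only place skip_authorization is consulted, and the controller before_action, which only checks the presented token. It also models the earlier workaround to show that it opens every endpoint that uses it; all class and method names are hypothetical stand-ins for the gem's internals.

```ruby
# Added example, not Doorkeeper's code. Names below are hypothetical stand-ins.
Client = Struct.new(:name, :trusted)
Token  = Struct.new(:scopes, :expired) do
  def accessible?
    !expired
  end
end

class DoorkeeperConfig
  attr_reader :default_scopes

  def initialize
    @default_scopes = [:public]
    @skip_authorization = proc { false } # consent screen shown by default
  end

  # Mirrors the initializer DSL: the block receives (resource_owner, client).
  # Called without a block, it returns the configured predicate.
  def skip_authorization(&block)
    return @skip_authorization unless block
    @skip_authorization = block
  end
end

# Decision point 1: the /oauth/authorize endpoint. A true result means
# "issue the grant without showing the consent screen to the resource owner".
def consent_screen_needed?(config, resource_owner, client)
  !config.skip_authorization.call(resource_owner, client)
end

# Decision point 2: the controller before_action. It never looks at
# skip_authorization; only the token sent with the request is checked.
def doorkeeper_authorize!(config, token, *scopes)
  required = scopes.empty? ? config.default_scopes : scopes
  return :ok if token && token.accessible? && (required - token.scopes).empty?
  :unauthorized_401
end

# The workaround from the thread, modelled to show its effect: with a blanket
# `skip_authorization { true }`, every endpoint is reachable with no token.
def patched_authorize!(config, token, *scopes)
  return :ok if config.skip_authorization.call(nil, nil)
  doorkeeper_authorize!(config, token, *scopes)
end

def demo
  blanket = DoorkeeperConfig.new
  blanket.skip_authorization { true }

  # Narrower shape: skip consent only for first-party clients marked trusted.
  scoped = DoorkeeperConfig.new
  scoped.skip_authorization { |_owner, client| client.trusted }

  first_party = Client.new("mobile-app", true)    # constructed sample data
  third_party = Client.new("partner-app", false)
  token = Token.new([:public], false)

  {
    blanket_consent_for_third_party: consent_screen_needed?(blanket, :alice, third_party),
    scoped_consent_for_third_party:  consent_screen_needed?(scoped, :alice, third_party),
    scoped_consent_for_first_party:  consent_screen_needed?(scoped, :alice, first_party),
    api_no_token:     doorkeeper_authorize!(blanket, nil),
    api_with_token:   doorkeeper_authorize!(blanket, token),
    api_wrong_scope:  doorkeeper_authorize!(blanket, token, :write),
    patched_no_token: patched_authorize!(blanket, nil, :write),
  }
end

puts demo.inspect if __FILE__ == $PROGRAM_NAME
```

With the blanket config the API call without a token still returns 401, while the patched filter returns :ok for a tokenless request against a :write-scoped action.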