doorkeeper-gem / doorkeeper

Doorkeeper is an OAuth 2 provider for Ruby on Rails / Grape.
https://doorkeeper.gitbook.io/guides/
MIT License

Validate client app instead of access_token on some actions in door_keeper? #363

Closed samnang closed 10 years ago

samnang commented 10 years ago

I'm using a Rails JSON API + Doorkeeper, so I want to let my mobile app, which has a client_id and client_secret, request POST /users to create a user without validating an access token. Currently, I create users directly in the Rails console, and the mobile application uses the Resource Owner Password Credentials flow to get a token to access protected resources via the API. In the code below, the mobile application has to provide an access token to be able to invoke the index action:

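```ruby
class UsersController < ApplicationController
  # Require a valid access token for every action except create
  doorkeeper_for :all, except: :create

  def index
    # ...
  end

  # Currently reachable without any credentials
  def create
  end
end
```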

Currently, the create action doesn't validate anything, so is there any way to tell door_keeper to validate client_id and client_secret before allowing a particular action to be invoked? I don't want it to be public.

tute commented 10 years ago

https://github.com/applicake/doorkeeper/wiki/Skipping-application-authorization may be related. Also, you may ask questions in StackOverflow as well: http://stackoverflow.com/questions/tagged/doorkeeper.

Closing as it's not an issue with doorkeeper, but happy to continue the discussion!

samnang commented 10 years ago

Thank you.
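
The check asked about in the opening post, sketched as an added example that is not part of the original thread and not Doorkeeper's own code: the client sends its client_id and client_secret as HTTP Basic credentials, and the guard for `create` verifies them before the action runs. The `CLIENTS` registry, its values, and the helper names are constructed for illustration; in a real app the lookup would go to the stored OAuth applications.

```ruby
require "digest"
require "openssl"

# Constructed registry (hypothetical values): client_id => SHA-256 of the secret.
CLIENTS = {
  "mobile-app-uid" => Digest::SHA256.hexdigest("mobile-app-secret")
}.freeze

# Parse "Authorization: Basic base64(client_id:client_secret)".
# Returns [client_id, client_secret], or nil if the header is absent or malformed.
def parse_basic_credentials(header)
  scheme, encoded = header.to_s.split(" ", 2)
  return nil unless scheme&.casecmp?("Basic") && encoded

  # "m0" is strict base64: it raises ArgumentError on invalid input.
  decoded = encoded.strip.unpack1("m0")
  client_id, client_secret = decoded.split(":", 2)
  return nil if client_id.to_s.empty? || client_secret.nil?

  [client_id, client_secret]
rescue ArgumentError
  nil
end

# True only when the client is registered and the secret matches.
def client_authenticated?(header, clients = CLIENTS)
  client_id, client_secret = parse_basic_credentials(header)
  return false unless client_id

  known = clients.key?(client_id)
  # Unknown clients are compared against a dummy digest so both paths do the same work.
  expected = clients.fetch(client_id) { Digest::SHA256.hexdigest("") }
  # Constant-time comparison avoids leaking how much of the digest matched.
  match = OpenSSL.secure_compare(expected, Digest::SHA256.hexdigest(client_secret))
  known && match
end

# Stand-in for a before_action on `create`: the HTTP status the API would return.
def create_user_status(header)
  client_authenticated?(header) ? 201 : 401
end
```

A secret shipped inside a mobile binary can be extracted, so this check identifies the client application rather than proving the request came from an unmodified copy of it.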