Integrates OAuth2 tokens from the Doorkeeper gem into Devise authentication strategies
Devise and Doorkeeper are complimentary gems. Doorkeeper's job is to dispense OAuth2 tokens and Devise's job is to ensure your resources are protected from unauthenticated requests.
The devise-doorkeeper gem allows your existing Devise application to accept OAuth2 tokens created by the Doorkeeper authorization flow.
This means you do not need to update your controllers to use the doorkeeper_authorize!
filter and can use the standard Devise authenticate_user!
methods instead.
Add this line to your application's Gemfile:
gem 'devise-doorkeeper'
Update your config/initializers/doorkeeper.rb
to call
Devise::Doorkeeper.configure_doorkeeper(self)
.
# config/initializers/doorkeeper.rb
Doorkeeper.configure do
Devise::Doorkeeper.configure_doorkeeper(self)
# extra configuration goes below
end
Update your config/initializers/devise.rb
to call
Devise::Doorkeeper.configure_devise
.
# config/initializers/devise.rb
Devise.setup do |config|
Devise::Doorkeeper.configure_devise(config)
# extra configuration goes below
end
# example app/models/user.rb
class User
devise :doorkeeper
end
# example app/controllers/comments_controller.rb
class CommentsController < ApplicationController
before_action :authenticate_user!
def index
# this action is protected
# the devise-doorkeeper gem will permit access via valid OAuth2 tokens
end
end
Most API's should not create sessions for each API request.
This can be configured via the Devise skip_session_storage
setting.
# config/initializers/devise.rb
config.skip_session_storage = [:http_auth] # this is the default devise config
config.skip_session_storage << :doorkeeper # disable session storage for oauth requests
- Fork it ( https://github.com/betterup/devise-doorkeeper/fork )
- Create your feature branch (
git checkout -b my-new-feature
) - Commit your changes (
git commit -am 'Add some feature'
) - Push to the branch (
git push origin my-new-feature
) - Create a new Pull Request