Ruby OAuth 'doorkeeper' gem conditionals

0
votes

I am using the doorkeeper gem to use tokens to authenticate requests.

When I have doorkeeper_for configured as defined below, tokens are required, which is good and expected:

doorkeeper_for :all

When I set a conditional for doorkeeper_for to be the condition I actually want (allowing requests to local deployment endpoints without tokens)

doorkeeper_for :all, :unless => lambda { request.url =~ /http:\/\/(localhost|127.0.0.1|0.0.0.0):8080/

Or if I set this condition to any number of junk conditions:

doorkeeper_for :all, :if => lambda { true }

doorkeeper_for :all, :unless => lambda { true }

Then doorkeeper allows all requests to go through without tokens, which is bad and not expected.

Noting that I have a require 'doorkeeper' statement and that I've fiddled around with various include statements in my API controller such as include Doorkeeper::Helpers::Filter

This may have to do with a problem with Doorkeeper working with Grape, though again it is strange that it works just fine without the conditional. Any insight into why this is happening would be appreciated!

1
ruby-on-railsrubyoauthgrapedoorkeeper

1 Answers

0
votes

After speaking with the main contributor to doorkeeper-gem we've determined that it has to do with the use of Grape. This feature should work just fine with Rails based controllers: https://github.com/doorkeeper-gem/doorkeeper/issues/426

Grape itself is supposed to be a closer-to-the-metal API framework and isn't necessarily supposed to be used with Rails, which contributed to this issue.

As a final note, there is a gem specifically for integrating Grape and Doorkeeper gems: https://github.com/fuCtor/grape-doorkeeper