It appears the doorkeeper gem assumes you have a session from which to pull the current user from. At least that's the impression I get from config method resource_owner_authenticator. Is this correct?
I was hoping to implement a stateless (no sessions) REST only rails app where the user state is instead held in a signed JWT access token and is passed by the client to the server on every request. I'm using the access_token_generator to generate the signed JWT for the password grant flow.
Also doorkeeper_authorize! looks up the access token in the database to authenticate every request and check the token expiration. I would prefer to simply check the validity of the JWT signature and then verify the JWT is not expired using the exp claim in the JWT payload.
Is it possible to use a JWT access token in this way with doorkeeper? Perhaps I'm missing something obvious. I've already taken a look at doorkeeper-jwt but it doesn't address these concerns.
