I have a grape API that provides some endpoints, and doorkeeper to handle authorization. By default, doorkeeper enable authorization code grant as well as client credentials grant. So I can request an access token only with those two grants.
I wonder if there is a way in doorkeeper to limit or at least get the grant type used to request a provided access token?
For example, if someone request a token with the authorization code grant, when he is requesting a resource on the API, I want to know that he used the authorization code grant to get his token. I can then check for every request made if the given token is made from an authorization code grant or not and provide the resource or not.
I know there is application's scopes to handle specific authorization, but I wanted to know if there is a solution to this problem. This might not be a legit problem, I might be missing something from the OAuth specification, so all comments are welcome!
