
Learning Doorkeeper

I am trying to set up APIs for a broker application (users can buy/sell items when they are logged in). Developers should be able to build on top of my app. Aiming to use Devise and Doorkeeper gems. I have already set up Devise (so my users have to log in/log out of their accounts). But I am having problems understanding how to use Doorkeeper gem.

I have read through the following so far

RFC 6749

Doorkeeper wiki

Tutorial for Oauth 2 on Rails (Wasn't very helpful as I got stuck while following the steps)

Oauth with Doorkeeper railscast

Problem is - I still don't quite get how to set up my servers, create pages which other developers can register their app on, attain their keys, etc.

What am I missing, is there any comprehensive tutorial which I can learn from to set up my API for developers to register their app on, login on behalf of users and execute buy/sell orders?

Registering applications

Doorkeeper comes with integrated controllers/views to manage oauth applications, request access tokens and authorizations.

If you installed and configured doorkeeper correctly, these routes are defined in your rails application:

GET       /oauth/authorize/:code
GET       /oauth/authorize
POST      /oauth/authorize
DELETE    /oauth/authorize
POST      /oauth/token
POST      /oauth/revoke
resources /oauth/applications
GET       /oauth/authorized_applications
DELETE    /oauth/authorized_applications/:id
GET       /oauth/token/info

(See https://github.com/doorkeeper-gem/doorkeeper#routes )

When you go to /oauth/applications , you can add or remove oauth applications. This might help for your problem

create pages which other developers can register their app on, attain their keys

However, these are made for backend or quick setup purposes. It's not recommended to use that in production. You can create controllers/views based on these to start with.

If you want to learn more about customizing these controllers/views, check these links:

Setting up your API

If you don't use the Rails API mode, I recommend you use the grape gem, which is a framework for building APIs in Ruby. You can then mount your Grape::API application to a route of your Rails application.

Then, when users register their applications, they will be asking for access grants (authorization code) for each individual user of their own applications. The /oauth/authorize routes are exactly that. They will use an OAuth2 client to build the authorize_url properly and set up their applications.

All this flow is compliant with the OAuth2 framework (RFC 6749). But as you said, you read it, so you should understand what's going on behind the scenes.

All you have to do is provide your API endpoints:

# in your API class that extends Grape::API
class BrokerAPI < Grape::API
  # gives the endpoints doorkeeper_authorize! and doorkeeper_token
  helpers Doorkeeper::Grape::Helpers

  helpers do
    # you can get the resource owner id with and other token infos,
    # or put that in a helper method
    def current_user
      @current_user ||= User.find(doorkeeper_token.resource_owner_id)
    end
  end

  post 'orders/:id/buy' do
    # authorize a specific scope, this is just an example,
    # this might not suit your app design
    doorkeeper_authorize! :buy_order
    # buy order logic goes here...
  end

  post 'orders/:id/sell' do
    doorkeeper_authorize! :sell_order
    # sell order logic goes here...
  end
end

Hope that can help!
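As an added illustration (not code from this answer or from the Doorkeeper gem) of what doorkeeper_authorize! decides for the buy/sell endpoints above, and of the /oauth/authorize URL a client builds, here is a dependency-free Ruby sketch. The AccessToken struct, the TOKENS table, the token strings and the URLs are constructed stand-ins for Doorkeeper's access-token records and your real hosts.

```ruby
require 'uri'

# Constructed stand-in for a Doorkeeper access-token record (hypothetical).
AccessToken = Struct.new(:resource_owner_id, :scopes, :expires_at, :revoked_at,
                         keyword_init: true) do
  def expired?
    Time.now >= expires_at
  end

  def revoked?
    !revoked_at.nil?
  end
end

# Constructed sample tokens keyed by the bearer string a client would send.
TOKENS = {
  'tok-buyer'   => AccessToken.new(resource_owner_id: 7, scopes: %w[buy_order],
                                   expires_at: Time.now + 3600, revoked_at: nil),
  'tok-trader'  => AccessToken.new(resource_owner_id: 8, scopes: %w[buy_order sell_order],
                                   expires_at: Time.now + 3600, revoked_at: nil),
  'tok-expired' => AccessToken.new(resource_owner_id: 9, scopes: %w[buy_order],
                                   expires_at: Time.now - 60, revoked_at: nil),
  'tok-revoked' => AccessToken.new(resource_owner_id: 9, scopes: %w[buy_order],
                                   expires_at: Time.now + 3600, revoked_at: Time.now - 5)
}.freeze

# Mirrors the checks doorkeeper_authorize! performs before an endpoint body runs:
# an unknown, expired or revoked token is rejected as invalid_token (401); a live
# token lacking any required scope is rejected as insufficient_scope (403). These
# are the RFC 6750 error names. Returns [status, body].
def authorize(bearer, *required_scopes)
  token = TOKENS[bearer]
  return [401, { error: 'invalid_token' }] if token.nil? || token.expired? || token.revoked?

  missing = required_scopes.map(&:to_s) - token.scopes
  return [403, { error: 'insufficient_scope', scope: required_scopes.join(' ') }] unless missing.empty?

  [200, { resource_owner_id: token.resource_owner_id }]
end

# The /oauth/authorize URL a client builds for the authorization code grant; the
# random state value lets the client reject callbacks it did not initiate.
def authorize_url(base, client_id:, redirect_uri:, scopes:, state:)
  uri = URI.join(base, '/oauth/authorize')
  uri.query = URI.encode_www_form(response_type: 'code', client_id: client_id,
                                  redirect_uri: redirect_uri, scope: scopes.join(' '),
                                  state: state)
  uri.to_s
end
```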
