Allow authenticated Devise user to access Doorkeeper protected controller actions
Question
My API uses OAuth2 with Doorkeeper and authentication at the UI level is with Devise.
My app is made up of plain ol' slim files but I need to add an autocomplete search input which sends the query to one of the API endpoints via AJAX.
The user is authenticated via devise session and available as current_user but since the API endpoint is protected with before_action :doorkeeper_authorize! I get a 401.
Is there anyway to "bypass" the doorkeeper_authorize! is the user is already authenticated via Devise?
One option is to copy the action out of the API controller and add in my "normal" UI centric controller which is just protected with Devise but that's just ugly.
1 answers
solution1
0 2016-12-28 19:26:43
Here's a solution I used that worked for me.
before_filter :doorkeeper_authorize!, :unless => :logged_in?
I'm not using devise so I'm not familiar with the methods used for checking authentication, but I have a logged_in? method on my application_controller that will return true if the user is authenticated locally (via cookie). This short-circuits any of the Oauth checking.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.