Doorkeeper OAuth application table is necessary for authorization?

Question

I'm trying to add the Doorkeeper plus devise with google and facebook user authorization on API!

I followed this post https://www.vic-l.com/jwt-with-refresh-token-using-devise-and-doorkeeper-without-authorization

And this: https://naturaily.com/blog/api-authentication-devise-doorkeeper-setup

To start with, both remove the oauth_applications table.

I've done as the tutorials but I'm getting this response:

response_code: "doorkeeper.errors.messages.unsupported_grant_type",…}
response_code: "doorkeeper.errors.messages.unsupported_grant_type"
response_message: "The authorization grant type is not supported by the authorization server."
state: nul 

So I would like to know if is necessary the oauth_applications table and set the clients to authorize.

Answer 1

Articles you've mentioned uses Resource Owner Password Flow, ie they are authenticating the user via credentials to give an access to a resources with an access token. See the configuration option:

 grant_flows %w[password]

In such case yeah, you don't need applications (clients which will interact with the API). But if you want to show an authorization window for your customers you should use Authorization Code Flow (from your response I see you're trying to invoke exactly this flow).