Gottfrois Doorkeeper Provider App Save

Rails sample API using Devise, Doorkeeper and OAuth2

Project README

Doorkeeper Provider App

Here you will find a Doorkeeper Provder demo using Devise and Mongoid 2.4.x.

Please see Doorkeeper for documentation on doorkeeper.

Please see OAuth2 for documentation on OAuth2 and to understand the requests calls below.

I used Ryan Bates railscast #353 to build this application. Some updates had been made to make it work with mongoid.

Getting started

Just clone the repository and launch the bundle command:

git clone git://github.com/gottfrois/doorkeeper-provider-app.git
cd doorkeeper-provider-app
bundle

Then start all services using foreman:

foreman start

If foreman is not installed yet, you can either start services manually or install foreman with:

gem install foreman

or manually start services:

mongod run --config /usr/local/etc/mongod.conf
bundle exec rails s -p 5100

Run the following rake command to seed the database:

bundle exec rake db:seed

This will create two users you can use to play with the application:

email: "[email protected]", password: "please"
email: "lee.do@myappcom", password: "please"

You are good to visit http://localhost:5100 and enjoy :)

API

This app provide basic API calls. The current API endpoints are:

GET /api/conversations
GET /api/conversations/:id
GET /api/conversations/:conversation_id/messages
GET /api/conversations/:conversation_id/messages/:id
GET /api/users
GET /api/users/me
POST /api/users
POST /api/conversations
PUT /api/conversations/:conversation_id/messages/:id
DELETE /api/conversations/:conversation_id/messages/:id

See routes file for more details.

All API controllers are under "app/controllers/api/v1/". Just create a new folder (namespace) to build a new API version.

See below how to make api call in rails console.

Manage applications

Run the server and go to http://localhost:5100/oauth/applications to see and manage authorized applications.

Tips

If you want to use this for registering a mobile client for example, you might want to skip the "authorize application" process. This way you won't have to ask your client to authorize on the server with a web browser. You will just get your token from the api server.

You can simulate a client using curl:

curl -i http://localhost:5100/oauth/token \
-F grant_type="client_credentials" \
-F client_id="your_application_id" \
-F client_secret="your_secret"

You can use user credentials to get the token without validations:

curl -i http://localhost:5100/oauth/token \
-F grant_type="password" \
-F username="a_user_email_address" \
-F password="a_user_password" \
-F client_id="your_application_id" \
-F client_secret="your_secret"

You can use irb console to test:

irb -r oauth2

Then in the console:

app_id = "your_app_id"
secret = "your_secret"
client = OAuth2::Client.new(app_id, secret, site: "http://localhost:5100")
access = OAuth2::AccessToken.from_hash(client, {"access_token" => "the_token_returned_from_curl_command","token_type" => "bearer","expires_in" => 7200})

access.get('/api/users').parsed
access.get('/api/users/me').parsed
access.get('/api/conversations').parsed
access.get('/api/conversations/some_id/').parsed
access.get('/api/conversations/some_id/messages').parsed

access.post('/api/users', body: {user: {email: '[email protected]', password: 'please'}}).parsed
access.post('/api/conversations', body: {conversation: {messages_attributes: [{body: 'foo'}]}}).parsed

access.put('/api/conversations/5022caba1de760379b000003/messages/5022caba1de760379b000004', body: {message: {body: 'new content'}}).parsed

access.delete('/api/conversations/5022caba1de760379b000003/messages/5022caba1de760379b000004').parsed

Note: When making the POST request on /api/users, you'll probable want to do it without a token you've got from curl passing some user's credentials. In another word, my example is made such that you can create a new user from an API call passing a valid token, but a token acquired without some user's credentials. Like the curl command we saw previously:

curl -i http://localhost:5100/oauth/token \
-F grant_type="client_credentials" \
-F client_id="your_application_id" \
-F client_secret="your_secret"

Then you could get a brand new token (and use this one for further requests if you want change the "current_user" context to your new user) acquired this time with your new user's credentials.

You might be cronfronted to some issues while requesting for an other domain (from a mobile application for example).

For this demo application, I have used rack-cors middleware in order to set HTTP headers to allow CORS.

That's it for now !

Open Source Agenda is not affiliated with "Gottfrois Doorkeeper Provider App" Project. README Source: gottfrois/doorkeeper-provider-app

Stars

Open Issues

Last Commit

10 months ago

Repository

gottfrois/doorkeeper-provider-app

Open Source Agenda Badge

<a href="https://www.opensourceagenda.com/projects/gottfrois-doorkeeper-provider-app"><img src="https://www.opensourceagenda.com/projects/gottfrois-doorkeeper-provider-app/reviews/badge.svg" alt="Open Source Agenda"></a>

Submit Review Review Your Favorite Project

Submit Resource Articles, Courses, Videos

Submit Article Submit a post to our blog