Following the instructions (I thought) in the Doorkeeper GitHub readme, I got as far as the before_action.
class ReadingsController < ApplicationController
  before_action :doorkeeper_authorize! # Require access token for all actions
  ...
end
RubyMine complains that :doorkeeper_authorize! is not defined in scope.
If I run it anyhow, I get:
Processing by ReadingsController#index as HTML
Filter chain halted as :doorkeeper_authorize! rendered or redirected
Completed 401 Unauthorized in 48ms (ActiveRecord: 0.0ms)
on the console, and a completely blank result. It looks like the regular result page when I look at view source.
Well, is this a failure, or is this actually telling me I'm unauthorized? And if it is, what do I do to wire up a redirect to allow someone to actually, well, authenticate?
Following a working example I built a while ago, your code is failing in a completely unexpected place: in Doorkeeper's initializer, in a block like this:
resource_owner_authenticator do
  current_user || begin
    session[:guest_return_url] = request.fullpath
    redirect_to(user_omniauth_authorize_path(:facebook))
  end
end
I do not know what you have in that block, but in general it should return an object that should be treated as a resource owner. Doorkeeper failed because that block failed to do so. To implement this block in my example, I'm using Devise's current_user helper and a fallback redirect_to for when a user is not authenticated (this is executed in a before_action after all).
So for Doorkeeper to "let you in" you need to tell it "how to recognize the owner". That is authentication that Doorkeeper doesn't handle.
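An added example, not part of the question or answer and not Doorkeeper's own code: a plain-Ruby model of the two checks discussed on this page, the access-token filter that halts with an empty 401 and the resource-owner authenticator that must return an owner or send the browser to sign-in. Every name, the `/users/sign_in` path, the header text and the sample data are assumptions made for illustration.

```ruby
require "securerandom"

Response = Struct.new(:status, :headers, :body)

# Constructed sample data: one known user, tokens issued at runtime.
USERS  = { 1 => "alice" }
TOKENS = {} # token string => { owner_id:, expires_at: }

# Hypothetical helper: stands in for the OAuth token endpoint.
def issue_token(owner_id, ttl = 3600, now = Time.now)
  token = SecureRandom.hex(16)
  TOKENS[token] = { owner_id: owner_id, expires_at: now + ttl }
  token
end

# Models the before_action on an API controller. A request without a
# valid, unexpired bearer token is halted with 401 and an empty body.
# There is no redirect here: API clients are expected to obtain a token
# first and present it in the Authorization header.
def authorize_api_request(headers, now = Time.now)
  token  = headers["Authorization"].to_s[/\ABearer (\S+)\z/, 1]
  record = TOKENS[token]
  if record.nil? || record[:expires_at] <= now
    challenge = { "WWW-Authenticate" => 'Bearer error="invalid_token"' }
    return Response.new(401, challenge, "")
  end
  Response.new(200, {}, "readings for #{USERS[record[:owner_id]]}")
end

# Models the authorization endpoint. The authenticator is the
# application's own code: it returns the signed-in owner, or nil,
# in which case the browser is redirected to the sign-in page.
def authorize_endpoint(session, authenticator)
  owner = authenticator.call(session)
  return Response.new(302, { "Location" => "/users/sign_in" }, "") unless owner
  Response.new(200, {}, "consent page for #{owner}")
end

# Hypothetical authenticator: looks the owner up from the session.
AUTHENTICATOR = ->(session) { USERS[session[:user_id]] }

if __FILE__ == $PROGRAM_NAME
  p authorize_api_request({}).status                 # no token presented
  token = issue_token(1)
  p authorize_api_request("Authorization" => "Bearer #{token}").body
  p authorize_endpoint({}, AUTHENTICATOR).headers    # not signed in
end
```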