Chr*_*uci 3 ruby-on-rails access-token oauth-2.0 doorkeeper
我正在为我的一个Rails应用程序设置Doorkeeper和OAuth2.我的目标是允许api访问用户,具体取决于他们的access_token,以便只有用户才能看到他们的'user_show'json.到目前为止,我已经在'oauth2/applications'路线上设置和授权我的开发和生产应用程序.
我的'/config/initializers/doorkeeper.rb'
Doorkeeper.configure do
# Change the ORM that doorkeeper will use.
# Currently supported options are :active_record, :mongoid2, :mongoid3,
# :mongoid4, :mongo_mapper
orm :active_record
# This block will be called to check whether the resource owner is authenticated or not.
resource_owner_authenticator do
# Put your resource owner authentication logic here.
# Example implementation:
User.find_by_id(session[:current_user_id]) || redirect_to('/')
end
end
我的'/api/v1/user/controller.rb'看起来像这样:
class Api::V1::UserController < Api::ApiController
include ActionController::MimeResponds
before_action :doorkeeper_authorize!
def index
user = User.find(doorkeeper_token.resource_owner_id)
respond_with User.all
end
def show
user = User.find(doorkeeper_token.resource_owner_id)
respond_with user
end
end
我试图访问OAuth应用程序表以查看正在创建的内容,但我无法在rails控制台中访问它.
在此先感谢您的见解!
门卫似乎找不到任何令牌.
确保您使用?access_token=#{token}或?bearer_token=#{token}通过使用Bearer Authorization在标头中提供此令牌来发送它.
您还需要记住,令牌只能与应用程序关联,而不需要资源所有者.所以,即使使用有效的令牌,resource_owner_id价值也是nil如此.它取决于您正在使用的授权流程(客户端凭据流与资源所有者无关).请参阅https://github.com/doorkeeper-gem/doorkeeper/wiki#flows
对于OAuth表,请Doorkeeper::AccessToken.all在rails控制台中尝试.
希望这有帮助
| 归档时间: |
|
| 查看次数: |
1231 次 |
| 最近记录: |