How do I implement normal doorkeeper oauth2 flow after the user authenticates through facebook through my mobile app?
PS I am using doorkeeper gem to implement an oauth2 provider for my mobile app. I use resource owner password credentials flow to implement authentication through user's username and password.
So if a user authenticates through facebook through the mobile app first, how do I authenticate a user through doorkeeper with the facebook access token? So no username/password is present in this case (for which doorkeeper throws out an error of missing params).
What is the correct way to implement this flow?
1. User authenticates from facebook through the mobile app.
2. Facebook access token is passed to the API server.
3. If the access token is valid, the api server returns the doorkeeper access token.
4. In case the access token is not valid, the api server returns 401 Unauthorized.
What is the correct approach to implement this flow? Some guidance in the right direction is very much appreciated.
This extension to the existing doorkeeper grant flows solves exactly this problem: https://github.com/doorkeeper-gem/doorkeeper-grants_assertion
The assertion flow is an exchange of a provider's access_token for an access token from your oauth provider.
There is a pull request to fix "NoMethodError (undefined method 'resource_owner_from_assertion' for #)":
Change your Gemfile:
gem "doorkeeper-grants_assertion", github: "Inittec/doorkeeper-grants_assertion", branch: "master"
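The check behind steps 3 and 4 of the flow in the question, as an added example that is not part of the original posts or of the doorkeeper-grants_assertion gem: before exchanging a Facebook token for a doorkeeper token, confirm through Facebook's Graph API `debug_token` endpoint that the token is valid, unexpired and was issued to your own app, so a token obtained by some other Facebook app cannot be replayed against your API. `EXPECTED_APP_ID`, the function names and the sample responses are assumptions made for illustration; the returned user id is what a `resource_owner_from_assertion` block would use to look up the user, with `nil` mapping to 401 Unauthorized.

```ruby
require "json"
require "net/http"
require "uri"

# Assumed placeholder: the id of your own Facebook app.
EXPECTED_APP_ID = "1234567890"

# Asks Facebook to introspect the user's token. app_token is your app access
# token and must stay on the server, never in the mobile client.
def fetch_debug_token(user_token, app_token)
  uri = URI("https://graph.facebook.com/debug_token")
  uri.query = URI.encode_www_form(input_token: user_token, access_token: app_token)
  JSON.parse(Net::HTTP.get(uri))
end

# Returns the Facebook user id when the token may be exchanged, otherwise nil.
def facebook_user_id_for(debug_response, expected_app_id: EXPECTED_APP_ID, now: Time.now)
  data = debug_response.is_a?(Hash) ? debug_response["data"] : nil
  return nil unless data.is_a?(Hash)
  return nil unless data["is_valid"] == true
  # A token issued to a different app is valid at Facebook but not for us.
  return nil unless data["app_id"].to_s == expected_app_id
  # Defence in depth on expiry; Facebook reports 0 for non-expiring tokens.
  expires_at = data["expires_at"].to_i
  return nil if expires_at != 0 && expires_at <= now.to_i
  user_id = data["user_id"].to_s
  user_id.empty? ? nil : user_id
end

# Constructed sample responses, shaped like debug_token output.
SAMPLE_OK = { "data" => { "app_id" => "1234567890", "is_valid" => true,
                          "expires_at" => 1_800_000_000, "user_id" => "42" } }
SAMPLE_OTHER_APP = { "data" => SAMPLE_OK["data"].merge("app_id" => "999") }
SAMPLE_REVOKED = { "data" => SAMPLE_OK["data"].merge("is_valid" => false) }
SAMPLE_EXPIRED = { "data" => SAMPLE_OK["data"].merge("expires_at" => 1_600_000_000) }
SAMPLE_ERROR = { "error" => { "message" => "Invalid OAuth access token." } }

# Fixed clock so the samples give the same result whenever this is run.
SAMPLE_NOW = Time.at(1_700_000_000)
```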