
Authentication with doorkeeper after facebook authentication

How do I implement the normal doorkeeper OAuth2 flow after the user authenticates through Facebook in my mobile app?

PS: I am using the doorkeeper gem to implement an OAuth2 provider for my mobile app. I use the resource owner password credentials flow to implement authentication through the user's username and password.

So if a user authenticates through Facebook in the mobile app first, how do I authenticate that user through doorkeeper with the Facebook access token? There is no username/password present in this case (for which doorkeeper throws an error of missing params).

What is the correct way to implement this flow?

 1. User authenticates from Facebook through the mobile app.
 2. Facebook access token is passed to the API server.
 3. If the access token is valid, the API server returns the doorkeeper access token.
 4. In case the access token is not valid, the API server returns 401 Unauthorized.

What is the correct approach to implement this flow? Some guidance in the right direction is very much appreciated.

Anidhya Ahuja asked Oct 08 '13 06:10


2 Answers

This extension to the existing doorkeeper grant flows solves exactly this problem: https://github.com/doorkeeper-gem/doorkeeper-grants_assertion

The assertion flow is an exchange of a provider's access_token for an access token from your OAuth provider.

Edo answered Sep 28 '22 11:09
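
An added example, not part of the answer above or of the doorkeeper-grants_assertion project: the check an API server should run on the Facebook token before issuing its own token, for instance from the gem's `resource_owner_from_assertion` configuration block. It assumes the server has already fetched the JSON body of Facebook's Graph API `debug_token` response for the assertion; `EXPECTED_APP_ID`, `users`, `sample` and the sample values are constructed placeholders.

```ruby
require "json"

# Placeholder for your own Facebook app id (assumption, not from the page).
EXPECTED_APP_ID = "000000000000000"

# Input: JSON body of Facebook's Graph API debug_token response for the assertion.
# Output: the Facebook user id, or nil when the token must be rejected.
def facebook_user_id(debug_token_body, expected_app_id:, now: Time.now)
  parsed = JSON.parse(debug_token_body)
  data = parsed.is_a?(Hash) ? parsed["data"] : nil
  return nil unless data.is_a?(Hash) && data["is_valid"] == true
  # A token issued to a different app is genuine at Facebook, but accepting it
  # would let that app's operator sign in as any of its users here.
  return nil unless data["app_id"].to_s == expected_app_id
  expires_at = data["expires_at"].to_i          # 0 is treated as non-expiring
  return nil if expires_at != 0 && expires_at <= now.to_i
  id = data["user_id"].to_s
  id.empty? ? nil : id
rescue JSON::ParserError, TypeError
  nil
end

# Steps 3 and 4 of the question: resource owner found => issue a token, else 401.
# `users` is a hypothetical lookup of local user ids by Facebook user id.
def exchange(debug_token_body, users, now: Time.now)
  fb_id = facebook_user_id(debug_token_body, expected_app_id: EXPECTED_APP_ID, now: now)
  owner = fb_id && users[fb_id]
  owner ? { status: 200, resource_owner_id: owner } : { status: 401 }
end

# Constructed sample data (not real Facebook output).
NOW = Time.at(1_700_000_000)
USERS = { "1234567890" => 42 }.freeze
def sample(app_id: EXPECTED_APP_ID, valid: true, expires_at: NOW.to_i + 3600, user_id: "1234567890")
  JSON.generate("data" => { "app_id" => app_id, "is_valid" => valid,
                            "expires_at" => expires_at, "user_id" => user_id })
end

if __FILE__ == $PROGRAM_NAME
  p exchange(sample, USERS, now: NOW)
  p exchange(sample(app_id: "999999999999999"), USERS, now: NOW)
end
```

The `app_id` comparison is the part that is easy to leave out: checking only that Facebook accepts the token does not show that it was issued to your mobile app.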


There is a pull request to fix "NoMethodError (undefined method 'resource_owner_from_assertion' for #)":

Change your Gemfile:

gem "doorkeeper-grants_assertion", github: "Inittec/doorkeeper-grants_assertion", branch: "master"

Grant Gould answered Sep 28 '22 11:09