
Difference between Access Grant and Access Token

I can't figure out the difference between Token and Grant in Doorkeeper. At which moment does Doorkeeper create an Access Grant, and when an Access Token? The documentation doesn't seem to say anything about it, and now I'm reading the code, but it is not a dozen lines.

Tute asked Jan 27 '15 17:01


2 Answers

I recommend also reading the OAuth2 documentation.
As I understand it, Doorkeeper is based on the protocol described in that documentation too.

In Doorkeeper, you will get an access grant first and then an access token.

An access grant usually only lives a very short time (the default in Doorkeeper is 10 minutes). You will get it by making a GET request to api-url/oauth/authorize (don't forget to include client_id, redirect_uri, and response_type as parameters; response_type will have the value "code").

Once the user allows the app (the user clicks the "allow" button), Doorkeeper will return the access grant as a parameter in the redirect URL. Take that code and you can now use it to make a POST request to api-url/oauth/token to get your access_token and refresh_token.

Using the access_token, you can get the resources of the API for a limited time (Doorkeeper's default is one hour if I'm not mistaken). When the access_token expires, use the refresh_token to get a new access_token, and so on.

In summary, the access grant is the key given as the sign that the user has allowed the app to use their resources.
The access token is the key given to permit an app to use resources for the limited time that has been defined.

Hope it can help.

lutfianasari answered Oct 24 '22 01:10
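The grant-then-token lifecycle this answer describes, as an added example that is not Doorkeeper's own code: a constructed in-memory authorization server using Doorkeeper's default lifetimes (10-minute code, 1-hour access token), showing the checks made when a code is exchanged and when a token is presented. The client_id and redirect_uri values, the single-use and refresh-rotation rules, and the method names are assumptions made for the illustration.

```ruby
require 'securerandom'

GRANT_TTL = 600   # seconds: Doorkeeper's default authorization-code lifetime
TOKEN_TTL = 3600  # seconds: Doorkeeper's default access-token lifetime

# Constructed model of the two endpoints named in the answer (not Doorkeeper code).
class AuthServer
  def initialize
    @grants  = {}  # code => { client_id, redirect_uri, expires_at, used }
    @tokens  = {}  # access_token => { client_id, expires_at }
    @refresh = {}  # refresh_token => client_id
  end

  # GET /oauth/authorize after the user clicks "allow": the short-lived code
  # that is appended to redirect_uri. Only response_type=code is modelled.
  def authorize(client_id:, redirect_uri:, response_type:, now: Time.now)
    raise ArgumentError, 'response_type must be "code"' unless response_type == 'code'
    code = SecureRandom.hex(16)
    @grants[code] = { client_id: client_id, redirect_uri: redirect_uri,
                      expires_at: now + GRANT_TTL, used: false }
    code
  end

  # POST /oauth/token, grant_type=authorization_code. The code must be unexpired,
  # unused, and bound to the same client_id and redirect_uri; otherwise nil.
  def exchange(code:, client_id:, redirect_uri:, now: Time.now)
    g = @grants[code]
    return nil if g.nil? || g[:used] || now >= g[:expires_at]
    return nil unless g[:client_id] == client_id && g[:redirect_uri] == redirect_uri
    g[:used] = true  # single use: a replayed code is rejected
    issue_tokens(client_id, now)
  end

  # POST /oauth/token, grant_type=refresh_token: old refresh token is retired.
  def refresh(refresh_token:, client_id:, now: Time.now)
    return nil unless @refresh.delete(refresh_token) == client_id
    issue_tokens(client_id, now)
  end

  # Resource-server check: is the access token still within its lifetime?
  def valid_token?(access_token, now: Time.now)
    t = @tokens[access_token]
    !t.nil? && now < t[:expires_at]
  end

  private
  def issue_tokens(client_id, now)
    access, rt = SecureRandom.hex(16), SecureRandom.hex(16)
    @tokens[access] = { client_id: client_id, expires_at: now + TOKEN_TTL }
    @refresh[rt] = client_id
    { access_token: access, refresh_token: rt, expires_in: TOKEN_TTL }
  end
end
```

Passing `now:` explicitly lets you step the clock past the 10-minute and 1-hour boundaries and observe the grant and token expiring.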


I'm assuming you're talking about the Web Server flow, as you're using a Ruby gem in a Rails app (as you know, there are 4 flows).

Usually in the Web Server flow, the Grant is the moment when the user clicks a link to consent to authorization: he/she will be asked to authorize the app to read/write data.

If consent is granted, then the app will get a temporary code. With this code, in the background, the app will ask the service provider for the Token.

Then, only with the Token, the app will be able to use the service provider APIs.

Rael Gugelmin Cunha answered Oct 23 '22 23:10