
POSTing in OAuth with client credentials with Doorkeeper

I've implemented a REST API and protected it with Doorkeeper. I've written a small client program to access it and it works fine using the resource owner credential flow.

Now I'm trying to implement a call using the client credentials flow. So I've followed the example in the link.

Everything works great when I'm using a GET request, but when I'm using a POST request, I'm getting a 401 Unauthorized. This is a call to a method that doesn't require a resource owner.

The only relevant thing I have in my API controller is:

doorkeeper_for :all

I haven't implemented any scopes or anything of that kind (am I required to?).

My client code looks like this (exactly as in the example on GitHub):

require 'rest-client'
require 'json'

client_id = 'my_client_id...'
client_secret = 'my_client_secret...'

response = RestClient.post 'http://localhost:3000/oauth/token', {
  grant_type: 'client_credentials',
  client_id: client_id,
  client_secret: client_secret
}
token = JSON.parse(response)["access_token"]

# this line works great:
RestClient.get 'http://localhost:3000/api/v1/flights.json', { 'Authorization' => "Bearer #{token}" }
# this line always fails (401 Unauthorized):
RestClient.post 'http://localhost:3000/api/v1/flights.json', { 'Authorization' => "Bearer #{token}" }

Any idea what I may be doing wrong? Is there something special I should do in my application in order to enable the client credentials flow?

davidrac asked Jul 30 '12 15:07


1 Answer

I figured it out. The problem was that I didn't use RestClient.post properly. The second parameter should be the payload and the third should be the header. It should be something like this:

RestClient.post 'http://localhost:3000/api/v1/flights.json', {}, { 'Authorization' => "Bearer #{token}" }

davidrac answered Sep 21 '22 19:09
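
The difference between the two calls, as an added example that is not part of the original post: it models RestClient.post's (url, payload, headers) argument order with the standard library's Net::HTTP and only builds the requests, without sending them. `build_post` and `token_placement` are hypothetical helpers, and the token value is constructed.

```ruby
require 'net/http'
require 'uri'

# Constructed sample values; not taken from the original post.
TOKEN = 'constructed-token-123'
URL   = 'http://localhost:3000/api/v1/flights.json'

# Hypothetical helper mirroring RestClient.post's argument order:
# (url, payload, headers). A Hash payload becomes a form-encoded body.
# The request is only built here, never sent.
def build_post(url, payload, headers = {})
  req = Net::HTTP::Post.new(URI(url), headers)
  req.set_form_data(payload)
  req
end

# Hypothetical check: report where the bearer token ended up.
def token_placement(req)
  return :header if req['Authorization'].to_s.start_with?('Bearer ')
  form = URI.decode_www_form(req.body.to_s).to_h
  form.key?('Authorization') ? :body : :none
end

auth = { 'Authorization' => "Bearer #{TOKEN}" }

# Call shape from the question: the hash lands in the payload slot,
# so no Authorization header exists and the API answers 401.
FAILING = build_post(URL, auth)

# Call shape from the answer: empty payload, headers in the third slot.
FIXED = build_post(URL, {}, auth)

[['question', FAILING], ['answer', FIXED]].each do |label, req|
  puts "#{label}: token in #{token_placement(req)}, " \
       "header=#{req['Authorization'].inspect}, body=#{req.body.inspect}"
end
```

With the question's call shape the token travels as a form parameter, so a server that logs request parameters would record it; after a mistake like this it is worth checking those logs and rotating the token if it appears there.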