I have the following question: is it possible, and if so, what is the best way, to integrate OAuth2, Devise and Doorkeeper? Of course, my main goal is to protect the RoR server where my API would be. Tokens only, no sessions.
I want to use the Resource Owner Password Credentials flow. I'd have two registered applications: one in AngularJS and another that is an Android application, where people would have access to the server's API.
Using Devise and Doorkeeper, is it possible to manage registrations with Devise? Or do I even need Devise to solve my problem? I have read about custom OAuth strategies - should I use them in my project?
Check out this example project that has a skeleton for using Devise, Doorkeeper, CanCan and rails-api.
https://github.com/rilian/devise-doorkeeper-cancan-api-example
From the README:
Rails API with a nice User management via devise gem, with both frontend forms and JSON access, and with a token-based OAuth authentication via doorkeeper. Sample authorization is done with cancancan and also is tested.
Features:
- User Signup
- Restore password
- Modify own user profile
- User password-based authentication
- Client application authentication
- Access with OAuth access_token
- Generate new access_token via refresh_token
- Authorization
I'm just getting started with Rails and Doorkeeper and I found it very useful to get a handle on the concepts and how things fit together.
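A sketch of the integration asked about, added here and not taken from the answer above or from the linked project: Doorkeeper's password grant hands the credential check to Devise, so Devise keeps managing users and registrations. The `User` model, its `email` lookup key and the helper name `resource_owner_for` are assumptions.

```ruby
# config/initializers/doorkeeper.rb (added sketch; `User` is an assumed Devise model)

# Credential check kept in a plain method so it can be exercised without Rails.
# Returns the user on success, nil otherwise; on nil Doorkeeper issues no token.
def resource_owner_for(user, password)
  return nil if user.nil? || password.to_s.empty?

  # valid_for_authentication? wraps the password check so Devise modules such
  # as :lockable can count failed attempts and refuse locked accounts.
  ok = user.valid_for_authentication? { user.valid_password?(password) }
  ok ? user : nil
end

if defined?(Doorkeeper) # guard lets this file load outside a Rails app
  Doorkeeper.configure do
    orm :active_record

    # Tokens only: enable just the Resource Owner Password Credentials grant.
    grant_flows %w[password]

    # Lets clients generate a new access_token via refresh_token.
    use_refresh_token

    # Runs in controller context for POST /oauth/token with grant_type=password.
    resource_owner_from_credentials do |_routes|
      user = User.find_for_database_authentication(email: params[:username])
      resource_owner_for(user, params[:password])
    end
  end
end

# API controllers then require a bearer token instead of a Devise session:
#   before_action :doorkeeper_authorize!
#   def current_user
#     @current_user ||= User.find_by(id: doorkeeper_token&.resource_owner_id)
#   end
```

The password grant exposes user passwords to the client application, so it is only appropriate for first-party clients such as the two described in the question.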