Validate client app instead of access_token on some actions in door_keeper?

I’m using Rails JSON API + Doorkeeper, so I want to let my mobile app that has client_id and client_secrete to request POST /users to create a user without validating with access token. Currently, I create user directly in rails console, and mobile application uses Using Resource Owner Password Credentials flow to get token to access protected resources via API. In this code below, mobile application has to provide access token to be able to invoke index action:

class UsersController < ApplicationController
  doorkeeper_for :all, except: :create

  def index

  def create

Currently, create action doesn’t validate anything, so is there anyway to tell door_keeper to validate client_id and client_secret before allowing to invoke a particular action? I don’t want it to be public.

I’ve not used doorkeeper before. For questions specific to particular libraries, I’d suggest stack overflow.

1 Like