← Back to Upcase

Validate client app instead of access_token on some actions in door_keeper?


(Samnang Chhun) #1

I’m using Rails JSON API + Doorkeeper, so I want to let my mobile app that has client_id and client_secrete to request POST /users to create a user without validating with access token. Currently, I create user directly in rails console, and mobile application uses Using Resource Owner Password Credentials flow to get token to access protected resources via API. In this code below, mobile application has to provide access token to be able to invoke index action:

class UsersController < ApplicationController
  doorkeeper_for :all, except: :create

  def index
    ...
  end

  def create
  end
end

Currently, create action doesn’t validate anything, so is there anyway to tell door_keeper to validate client_id and client_secret before allowing to invoke a particular action? I don’t want it to be public.


(Derek Prior) #2

I’ve not used doorkeeper before. For questions specific to particular libraries, I’d suggest stack overflow.