Validate client app instead of access_token on some actions in door_keeper?

I’m using Rails JSON API + Doorkeeper, so I want to let my mobile app, which has a client_id and client_secret, request POST /users to create a user without validating an access token. Currently, I create users directly in the Rails console, and the mobile application uses the Resource Owner Password Credentials flow to get a token to access protected resources via the API. In the code below, the mobile application has to provide an access token to be able to invoke the index action:

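class UsersController < ApplicationController
  # Require a valid access token for every action except create
  doorkeeper_for :all, except: :create

  def index
    # ...
  end

  def create
    # No token or client check is applied here yet
  end
end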

Currently, the create action doesn’t validate anything, so is there any way to tell door_keeper to validate client_id and client_secret before allowing a particular action to be invoked? I don’t want it to be public.

I’ve not used Doorkeeper before. For questions specific to particular libraries, I’d suggest Stack Overflow.

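The check the question asks for, as an added example in plain Ruby (not code from this thread and not Doorkeeper's own API): the client sends its client_id and client_secret as HTTP Basic credentials, and only the create path is gated on them. The registry, the method names `authenticate_client` and `authorize_create`, and the sample credentials are constructed for illustration.

```ruby
require "base64"
require "digest"
require "openssl"

# Constructed registry: client_id => SHA-256 hex digest of the client_secret.
# Assumption: in a real app these records come from the OAuth applications table.
CLIENTS = {
  "mobile-app-id" => Digest::SHA256.hexdigest("mobile-app-secret")
}.freeze

# Parse "Authorization: Basic base64(client_id:client_secret)".
# Returns [client_id, client_secret], or nil when absent or malformed.
def parse_basic_credentials(header)
  scheme, encoded = header.to_s.split(" ", 2)
  return nil unless scheme&.casecmp?("Basic") && encoded

  decoded = Base64.strict_decode64(encoded).force_encoding("UTF-8")
  id, secret = decoded.split(":", 2)
  return nil if id.to_s.empty? || secret.to_s.empty?

  [id, secret]
rescue ArgumentError # raised by strict_decode64 on invalid Base64
  nil
end

# Returns the client_id when the credentials match a registered client, else nil.
def authenticate_client(header, clients = CLIENTS)
  id, secret = parse_basic_credentials(header)
  return nil unless id

  # Unknown ids are still compared (against a dummy digest) so that response
  # timing does not reveal which client_ids exist.
  expected = clients.fetch(id, Digest::SHA256.hexdigest(""))
  supplied = Digest::SHA256.hexdigest(secret)
  match = OpenSSL.fixed_length_secure_compare(expected, supplied)
  clients.key?(id) && match ? id : nil
end

# Gate for the create action only: [201, client_id] when the client
# authenticates, [401, nil] otherwise. Other actions keep their token check.
def authorize_create(header)
  client = authenticate_client(header)
  client ? [201, client] : [401, nil]
end
```

A secret shipped inside a mobile binary can be extracted from it, so this check identifies the app rather than proving the caller is trusted; rate limiting on user creation is still needed.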