I’m using Rails JSON API + Doorkeeper, so I want to let my mobile app that has client_id and client_secrete to request
POST /users to create a user without validating with access token. Currently, I create user directly in rails console, and mobile application uses Using Resource Owner Password Credentials flow to get token to access protected resources via API. In this code below, mobile application has to provide access token to be able to invoke
class UsersController < ApplicationController doorkeeper_for :all, except: :create def index ... end def create end end
create action doesn’t validate anything, so is there anyway to tell door_keeper to validate client_id and client_secret before allowing to invoke a particular action? I don’t want it to be public.