Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Implement #valid_doorkeeper_token? to support #doorkeeper_authorize! #37

Open
cmitz opened this issue Jan 3, 2020 · 3 comments
Open

Implement #valid_doorkeeper_token? to support #doorkeeper_authorize! #37

cmitz opened this issue Jan 3, 2020 · 3 comments

Comments

@cmitz
Copy link

cmitz commented Jan 3, 2020
edited

In a doorkeeper-protected application, a controller could look like this:

class Api::V1::MyController < ApplicationController
  before_action :doorkeeper_authorize!, only: %i[show create destroy]
  ...
end

However, when using Doorkeeper::JWT to generate access tokens this commonly used pattern breaks since a Doorkeeper::JWT token is just a string...

The before_action :doorkeeper_authorize! way of authenticating calls breaks here, because it expects a doorkeeper_token to implement the acceptable? method:
https://github.com/doorkeeper-gem/doorkeeper/blob/4dc432c74a424c85e141b131939faafa98a916fc/lib/doorkeeper/rails/helpers.rb#L16

I have only just started my sideproject and Doorkeeper is relatively new to me, but would it work if Doorkeeper::JWT tokens extend the token mixin?
https://github.com/doorkeeper-gem/doorkeeper/blob/v5.2.1/lib/doorkeeper/models/access_token_mixin.rb#L275
@nbulaj
Copy link
Member

nbulaj commented May 25, 2020

Hi @cmitz . I don't sure I understand your problem

Doorkeeper::JWT generate a JWT token that is stored then in the database. doorkeeper_authorize! retrieves the token from the request, finds a Doorkeeper::AccessToken instance using it and then checks the scopes.

So I don't sure which issue you're describing. Maybe you could prepare a RSpec example to show it? Thanks!

@cmitz
Copy link
Author

cmitz commented May 26, 2020

I encountered this in a hobby application that I threw away when I finished playing with it, so I can't reproduce it very easily. I recall getting an error that acceptable? was not a function defined for String. So somewhere in the logic the token got converted to a string...

I will try to find some time in the coming days to try and come up with an rspec example.

@nbulaj
Copy link
Member

nbulaj commented May 26, 2020

I recall getting an error that acceptable? was not a function defined for String. So somewhere in the logic the token got converted to a string...

This is super strange just because doorkeeper_token must be an instance of Doorkeeper::AccessToken (https://github.com/doorkeeper-gem/doorkeeper/blob/4dc432c74a424c85e141b131939faafa98a916fc/lib/doorkeeper/rails/helpers.rb#L72-L77) that implements this method, and not a string 🤔

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@nbulaj @cmitz