
API endpoint descriptions and examples

Richard Böhme edited this page Jul 22, 2022 · 27 revisions

Routes in our system (the rake routes output of the sample application; the /oauth/authorized_applications routes described further down are not included in this listing)

   native_oauth_authorization GET    /oauth/authorize/native(.:format)                  doorkeeper/authorizations#show
          oauth_authorization GET    /oauth/authorize(.:format)                         doorkeeper/authorizations#new
                              POST   /oauth/authorize(.:format)                         doorkeeper/authorizations#create
                              DELETE /oauth/authorize(.:format)                         doorkeeper/authorizations#destroy
                  oauth_token POST   /oauth/token(.:format)                             doorkeeper/tokens#create
             oauth_token_info GET    /oauth/token/info(.:format)                        doorkeeper/token_info#show
                 oauth_revoke POST   /oauth/revoke(.:format)                            doorkeeper/tokens#revoke
             oauth_introspect POST   /oauth/introspect(.:format)                        doorkeeper/tokens#introspect
           oauth_applications GET    /oauth/applications(.:format)                      doorkeeper/applications#index
                              POST   /oauth/applications(.:format)                      doorkeeper/applications#create
            oauth_application GET    /oauth/applications/:id(.:format)                  doorkeeper/applications#show
                              PATCH  /oauth/applications/:id(.:format)                  doorkeeper/applications#update
                              PUT    /oauth/applications/:id(.:format)                  doorkeeper/applications#update
                              DELETE /oauth/applications/:id(.:format)                  doorkeeper/applications#destroy

General description:

What follows are descriptions, sample curl invocations, the responses they return, and the corresponding Rails server log for each Doorkeeper endpoint, captured against the sample application on localhost:3000 with one registered client application. The long hexadecimal values are the client id, client secret, authorization codes and tokens of that test instance. Treat such values as secrets in a real deployment; note, for instance, that the logs below record client_secret in clear because the sample application never added it to the parameter filter, while password is shown as [FILTERED].

GET /oauth/authorize/native

Renders a page that displays the authorization code. This is the landing page for the out-of-band redirect URI urn:ietf:wg:oauth:2.0:oob, used by clients that have no HTTP endpoint to redirect to (native applications): instead of being sent back to the client, the user is shown the code and copies it into the client.

curl command

curl 'http://localhost:3000/oauth/authorize/native?code=fd0847dbb559752d932dd3c1ac34ff98d27b11fe2fea5a864f44740cd7919ad0'

command output

HTML page that includes the following content:

<h3>Authorization code:</h3>
<code id="authorization_code">fd0847dbb559752d932dd3c1ac34ff98d27b11fe2fea5a864f44740cd7919ad0</code>

server output

Started GET "/oauth/authorize/native" for 127.0.0.1 at 2014-02-26 17:42:14 -0500
Processing by Doorkeeper::AuthorizationsController#show as */*
Parameters: {"code"=>"fd0847dbb559752d932dd3c1ac34ff98d27b11fe2fea5a864f44740cd7919ad0"}
User Load (0.1ms)  SELECT "users".* FROM "users" WHERE "users"."email" IS NULL LIMIT 1
Rendered /Users/dclo/.rbenv/versions/1.9.3-p484/lib/ruby/gems/1.9.1/bundler/gems/doorkeeper-e0c826aff1ec/app/views/doorkeeper/authorizations/show.html.erb within layouts/application (4.8ms)
Rendered layouts/_header.html.erb (0.4ms)
Rendered layouts/_flash.html.erb (0.5ms)

POST /oauth/authorize

Post here with response_type=code, client_id, redirect_uri and optionally scope to approve an authorization request; this is the OAuth 2 authorization endpoint, RFC 6749 section 3.1. Doorkeeper creates an authorization code (an oauth_access_grants row, valid for 600 seconds in this setup) and redirects to the redirect_uri with the code appended; for the out-of-band URI urn:ietf:wg:oauth:2.0:oob that redirect goes to GET /oauth/authorize/native?code=.... In a browser flow the resource owner is the logged-in user identified by the resource_owner_authenticator block; the username parameter in the example below exists only because the sample application's authenticator looks the user up by e-mail from that parameter. The client_secret is not an authorization-endpoint parameter and should not be sent here (the server output shows the application being loaded by uid alone); a secret that passes through a user agent has to be treated as leaked. Real clients should also send a state value and check it when the code comes back (RFC 6749 section 10.12).

curl command

curl -F response_type=code \
-F client_id=9b36d8c0db59eff5038aea7a417d73e69aea75b41aac771816d2ef1b3109cc2f \
-F client_secret=d6ea27703957b69939b8104ed4524595e210cd2e79af587744a7eb6e58f5b3d2 \
-F redirect_uri=urn:ietf:wg:oauth:2.0:oob \
-F username=user@example.com \
-X POST http://localhost:3000/oauth/authorize

command output

Redirect to the GET /oauth/authorize/native path.

<html><body>You are being <a href="http://localhost:3000/oauth/authorize/native?code=fd0847dbb559752d932dd3c1ac34ff98d27b11fe2fea5a864f44740cd7919ad0">redirected</a>.</body></html>

server output

Started POST "/oauth/authorize" for 127.0.0.1 at 2014-02-26 17:36:40 -0500
Processing by Doorkeeper::AuthorizationsController#create as */*
Parameters: {"response_type"=>"code", "client_id"=>"9b36d8c0db59eff5038aea7a417d73e69aea75b41aac771816d2ef1b3109cc2f", "client_secret"=>"d6ea27703957b69939b8104ed4524595e210cd2e79af587744a7eb6e58f5b3d2", "redirect_uri"=>"urn:ietf:wg:oauth:2.0:oob", "username"=>"user@example.com"}
User Load (0.1ms)  SELECT "users".* FROM "users" WHERE "users"."email" = 'user@example.com' LIMIT 1
Doorkeeper::Application Load (0.2ms)  SELECT "oauth_applications".* FROM "oauth_applications" WHERE "oauth_applications"."uid" = '9b36d8c0db59eff5038aea7a417d73e69aea75b41aac771816d2ef1b3109cc2f' LIMIT 1
CACHE (0.0ms)  SELECT "users".* FROM "users" WHERE "users"."email" = 'user@example.com' LIMIT 1
             (0.1ms)  SELECT 1 FROM "oauth_access_grants" WHERE "oauth_access_grants"."token" = 'fd0847dbb559752d932dd3c1ac34ff98d27b11fe2fea5a864f44740cd7919ad0' LIMIT 1
               SQL (0.5ms)  INSERT INTO "oauth_access_grants" ("application_id", "created_at", "expires_in", "redirect_uri", "resource_owner_id", "revoked_at", "scopes", "token") VALUES (?, ?, ?, ?, ?, ?, ?, ?)  [["application_id", 1], ["created_at", Wed, 26 Feb 2014 22:36:48 UTC +00:00], ["expires_in", 600], ["redirect_uri", "urn:ietf:wg:oauth:2.0:oob"], ["resource_owner_id", 1], ["revoked_at", nil], ["scopes", "public"], ["token", "fd0847dbb559752d932dd3c1ac34ff98d27b11fe2fea5a864f44740cd7919ad0"]]
Redirected to http://localhost:3000/oauth/authorize/native?code=fd0847dbb559752d932dd3c1ac34ff98d27b11fe2fea5a864f44740cd7919ad0

DELETE /oauth/authorize

Denies the authorization request (the Cancel button on the consent page). Redirects back to the redirect_uri with error=access_denied and an error_description; for response_type=token (the implicit flow used in this example) the parameters are carried in the URL fragment, for response_type=code in the query string.

curl command

curl -F response_type=token \
-F access_token=dbaf97579826846f45fa37a923a4387474070e04323b22f499b7227a860bac920b0ee6560c2  \
-F client_id=9b36d8c0db59eff5038aea7a417d73e69aea75b41aac771816d2ef1b3109cc2f \
-F client_secret=d6ea27703957b69939b8104ed4524595e210cd2e79af587744a7eb6e58f5b3d2 \
-F redirect_uri=urn:ietf:wg:oauth:2.0:oob \
-F username=user@example.com \
-X DELETE http://localhost:3000/oauth/authorize

command output

Redirect to redirect_uri

server output

Started DELETE "/oauth/authorize" for 127.0.0.1 at 2014-02-26 19:53:59 -0500
  Processing by Doorkeeper::AuthorizationsController#destroy as */*
  Parameters: {"response_type"=>"token", "access_token"=>"dbaf97579826846f45fa37a923a4387474070e04323b22f499b7227a860bac920b0ee6560c2", "client_id"=>"9b36d8c0db59eff5038aea7a417d73e69aea75b41aac771816d2ef1b3109cc2f", "client_secret"=>"d6ea27703957b69939b8104ed4524595e210cd2e79af587744a7eb6e58f5b3d2", "redirect_uri"=>"urn:ietf:wg:oauth:2.0:oob", "username"=>"user@example.com"}
  User Load (0.1ms)  SELECT "users".* FROM "users" WHERE "users"."email" = 'user@example.com' LIMIT 1
  Doorkeeper::Application Load (0.2ms)  SELECT "oauth_applications".* FROM "oauth_applications" WHERE "oauth_applications"."uid" = '9b36d8c0db59eff5038aea7a417d73e69aea75b41aac771816d2ef1b3109cc2f' LIMIT 1
  CACHE (0.0ms)  SELECT "users".* FROM "users" WHERE "users"."email" = 'user@example.com' LIMIT 1
Redirected to urn:ietf:wg:oauth:2.0:oob#error=access_denied&error_description=The+resource+owner+or+authorization+server+denied+the+request.
Completed 302 Found in 1621ms

POST /oauth/token

Post here with an authorization code (grant_type=authorization_code), with username and password (grant_type=password), or with a refresh token (grant_type=refresh_token) to obtain an access token. This is the token endpoint, RFC 6749 section 3.2. The client authenticates with client_id and client_secret, either as form parameters as in the examples below or via HTTP Basic authentication; the server output shows Doorkeeper looking the application up by uid and secret together. A successful response carries the bearer access_token, its lifetime in seconds (expires_in, relative to the time of the response), a refresh_token when refresh tokens are enabled, and the granted scope. The authorization code is single use (the grant is marked revoked as soon as it is exchanged), and a refresh revokes the access/refresh token pair it was presented with, so the client has to store the newly returned refresh_token.

curl command, authorization code grant

curl -F grant_type=authorization_code \
-F client_id=9b36d8c0db59eff5038aea7a417d73e69aea75b41aac771816d2ef1b3109cc2f \
-F client_secret=d6ea27703957b69939b8104ed4524595e210cd2e79af587744a7eb6e58f5b3d2 \
-F code=fd0847dbb559752d932dd3c1ac34ff98d27b11fe2fea5a864f44740cd7919ad0 \
-F redirect_uri=urn:ietf:wg:oauth:2.0:oob \
-X POST http://localhost:3000/oauth/token

command output

{"access_token":"dbaf9757982a9e738f05d249b7b5b4a266b3a139049317c4909f2f263572c781","token_type":"bearer","expires_in":7200,"refresh_token":"76ba4c5c75c96f6087f58a4de10be6c00b29ea1ddc3b2022ee2016d1363e3a7c","scope":"public"}

server output

Started POST "/oauth/token" for 127.0.0.1 at 2014-02-26 17:52:28 -0500
  Processing by Doorkeeper::TokensController#create as */*
  Parameters: {"grant_type"=>"authorization_code", "client_id"=>"9b36d8c0db59eff5038aea7a417d73e69aea75b41aac771816d2ef1b3109cc2f", "client_secret"=>"d6ea27703957b69939b8104ed4524595e210cd2e79af587744a7eb6e58f5b3d2", "code"=>"7f0af71e623fc76cc0bf91bbcf5686c450b9a2fcacfd31c0b069431a0cb5328c", "redirect_uri"=>"urn:ietf:wg:oauth:2.0:oob"}
  Doorkeeper::AccessGrant Load (0.2ms)  SELECT "oauth_access_grants".* FROM "oauth_access_grants" WHERE "oauth_access_grants"."token" = '7f0af71e623fc76cc0bf91bbcf5686c450b9a2fcacfd31c0b069431a0cb5328c' LIMIT 1
  Doorkeeper::Application Load (0.2ms)  SELECT "oauth_applications".* FROM "oauth_applications" WHERE "oauth_applications"."uid" = '9b36d8c0db59eff5038aea7a417d73e69aea75b41aac771816d2ef1b3109cc2f' AND "oauth_applications"."secret" = 'd6ea27703957b69939b8104ed4524595e210cd2e79af587744a7eb6e58f5b3d2' LIMIT 1
  SQL (2.7ms)  UPDATE "oauth_access_grants" SET "revoked_at" = '2014-02-26 22:52:28' WHERE "oauth_access_grants"."id" = 5
   (0.2ms)  SELECT 1 FROM "oauth_access_tokens" WHERE "oauth_access_tokens"."token" = 'dbaf9757982a9e738f05d249b7b5b4a266b3a139049317c4909f2f263572c781' LIMIT 1
   (0.1ms)  SELECT 1 FROM "oauth_access_tokens" WHERE "oauth_access_tokens"."refresh_token" = '76ba4c5c75c96f6087f58a4de10be6c00b29ea1ddc3b2022ee2016d1363e3a7c' LIMIT 1
  SQL (0.6ms)  INSERT INTO "oauth_access_tokens" ("application_id", "created_at", "expires_in", "refresh_token", "resource_owner_id", "revoked_at", "scopes", "token") VALUES (?, ?, ?, ?, ?, ?, ?, ?)  [["application_id", 1], ["created_at", Wed, 26 Feb 2014 22:52:28 UTC +00:00], ["expires_in", 7200], ["refresh_token", "76ba4c5c75c96f6087f58a4de10be6c00b29ea1ddc3b2022ee2016d1363e3a7c"], ["resource_owner_id", 1], ["revoked_at", nil], ["scopes", "public"], ["token", "dbaf9757982a9e738f05d249b7b5b4a266b3a139049317c4909f2f263572c781"]]
Completed 200 OK in 18ms

curl command, password grant

Versions of Doorkeeper at and prior to 0.7.x might also require client_id and client_secret. This call invokes the resource_owner_from_credentials block defined in config/initializers/doorkeeper.rb to turn the username and password into a user. Because no client authenticated in this example, the token is stored with application_id nil (see the INSERT in the server output); such a token is later reported by GET /oauth/token/info with "application":{"uid":null}, and it cannot be revoked through DELETE /oauth/authorized_applications/:id, which only finds tokens by application_id. The password grant hands the user's credentials to the client, so it should be limited to first-party clients that the resource owner trusts (RFC 6749 section 4.3).

curl -F grant_type=password \
-F username=user@example.com \
-F password=doorkeeper \
-X POST http://localhost:3000/oauth/token

command output

{"access_token":"0ddb922452c983a70566e30dce16e2017db335103e35d783874c448862a78168",
"token_type":"bearer",
"expires_in":7200,
"refresh_token":"f2188c4165d912524e04c6496d10f06803cc08ed50271a0b0a73061e3ac1c06c",
"scope":"public"}

server output

Started POST "/oauth/token" for 127.0.0.1 at 2014-02-26 17:56:17 -0500
  Processing by Doorkeeper::TokensController#create as */*
  Parameters: {"grant_type"=>"password", "username"=>"user@example.com", "password"=>"[FILTERED]"}
  User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."email" = 'user@example.com' LIMIT 1
   (0.2ms)  SELECT 1 FROM "oauth_access_tokens" WHERE "oauth_access_tokens"."token" = '0ddb922452c983a70566e30dce16e2017db335103e35d783874c448862a78168' LIMIT 1
   (0.1ms)  SELECT 1 FROM "oauth_access_tokens" WHERE "oauth_access_tokens"."refresh_token" = 'f2188c4165d912524e04c6496d10f06803cc08ed50271a0b0a73061e3ac1c06c' LIMIT 1
  SQL (0.6ms)  INSERT INTO "oauth_access_tokens" ("application_id", "created_at", "expires_in", "refresh_token", "resource_owner_id", "revoked_at", "scopes", "token") VALUES (?, ?, ?, ?, ?, ?, ?, ?)  [["application_id", nil], ["created_at", Wed, 26 Feb 2014 22:56:17 UTC +00:00], ["expires_in", 7200], ["refresh_token", "f2188c4165d912524e04c6496d10f06803cc08ed50271a0b0a73061e3ac1c06c"], ["resource_owner_id", 1], ["revoked_at", nil], ["scopes", "public"], ["token", "0ddb922452c983a70566e30dce16e2017db335103e35d783874c448862a78168"]]
Completed 200 OK in 106ms

curl command, refresh token grant

curl -F grant_type=refresh_token \
-F client_id=9b36d8c0db59eff5038aea7a417d73e69aea75b41aac771816d2ef1b3109cc2f \
-F client_secret=d6ea27703957b69939b8104ed4524595e210cd2e79af587744a7eb6e58f5b3d2 \
-F refresh_token=c65b265611713028344a2c285dfdc4e28f9ce2dbc36b9f7e12f626a3d106a304 \
-X POST http://localhost:3000/oauth/token

command output

{"access_token":"ad0b5847cb7d254f1e2ff1910275fe9dcb95345c9d54502d156fe35a37b93e80",
"token_type":"bearer",
"expires_in":30,
"refresh_token":"cc38f78a5b8abe8ee81cdf25b1ca74c3fa10c3da2309de5ac37fde00cbcf2815",
"scope":"public"}

server output

Started POST "/oauth/token" for 127.0.0.1 at 2014-02-26 20:06:38 -0500
  Processing by Doorkeeper::TokensController#create as */*
  Parameters: {"grant_type"=>"refresh_token", "client_id"=>"9b36d8c0db59eff5038aea7a417d73e69aea75b41aac771816d2ef1b3109cc2f", "client_secret"=>"d6ea27703957b69939b8104ed4524595e210cd2e79af587744a7eb6e58f5b3d2", "refresh_token"=>"c65b265611713028344a2c285dfdc4e28f9ce2dbc36b9f7e12f626a3d106a304"}
  Doorkeeper::AccessToken Load (0.2ms)  SELECT "oauth_access_tokens".* FROM "oauth_access_tokens" WHERE "oauth_access_tokens"."refresh_token" = 'c65b265611713028344a2c285dfdc4e28f9ce2dbc36b9f7e12f626a3d106a304' LIMIT 1
  Doorkeeper::Application Load (0.3ms)  SELECT "oauth_applications".* FROM "oauth_applications" WHERE "oauth_applications"."uid" = '9b36d8c0db59eff5038aea7a417d73e69aea75b41aac771816d2ef1b3109cc2f' AND "oauth_applications"."secret" = 'd6ea27703957b69939b8104ed4524595e210cd2e79af587744a7eb6e58f5b3d2' LIMIT 1
  SQL (1.0ms)  UPDATE "oauth_access_tokens" SET "revoked_at" = '2014-02-27 01:06:38' WHERE "oauth_access_tokens"."id" = 88
   (0.3ms)  SELECT 1 FROM "oauth_access_tokens" WHERE "oauth_access_tokens"."token" = 'ad0b5847cb7d254f1e2ff1910275fe9dcb95345c9d54502d156fe35a37b93e80' LIMIT 1
   (0.1ms)  SELECT 1 FROM "oauth_access_tokens" WHERE "oauth_access_tokens"."refresh_token" = 'cc38f78a5b8abe8ee81cdf25b1ca74c3fa10c3da2309de5ac37fde00cbcf2815' LIMIT 1
  SQL (0.9ms)  INSERT INTO "oauth_access_tokens" ("application_id", "created_at", "expires_in", "refresh_token", "resource_owner_id", "revoked_at", "scopes", "token") VALUES (?, ?, ?, ?, ?, ?, ?, ?)  [["application_id", 1], ["created_at", Thu, 27 Feb 2014 01:06:38 UTC +00:00], ["expires_in", 30], ["refresh_token", "cc38f78a5b8abe8ee81cdf25b1ca74c3fa10c3da2309de5ac37fde00cbcf2815"], ["resource_owner_id", 1], ["revoked_at", nil], ["scopes", "public"], ["token", "ad0b5847cb7d254f1e2ff1910275fe9dcb95345c9d54502d156fe35a37b93e80"]]
Completed 200 OK in 18ms

failed response (invalid username, password, or code)

command output

{"error":"invalid_grant",
"error_description":"The provided authorization grant is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client."}

server output

Started POST "/oauth/token" for 127.0.0.1 at 2015-08-24 16:59:31 -0700
Processing by Doorkeeper::TokensController#create as */*
  Parameters: {"grant_type"=>"password", "username"=>"grape@swagger.com", "password"=>"[FILTERED]"}
  User Load (0.1ms)  SELECT  "users".* FROM "users" WHERE "users"."email" = ?  ORDER BY "users"."id" ASC LIMIT 1  [["email", "grape@swagger.com"]]
Completed 401 Unauthorized in 94ms

POST /oauth/revoke

Post here with client credentials (HTTP Basic authentication or the client_id and client_secret parameters) and the token to revoke an access or refresh token. This is the token revocation endpoint of RFC 7009. The response is an empty JSON object ({}) with status 200; the token is marked revoked in the database (the UPDATE ... revoked_at in the server output) rather than deleted. The token has to be revoked by the client it was issued to (RFC 7009 section 2.1); see also the note at the end of this page.

curl command, token revoke with client credentials in params

curl -F client_id=9b36d8c0db59eff5038aea7a417d73e69aea75b41aac771816d2ef1b3109cc2f \
-F client_secret=d6ea27703957b69939b8104ed4524595e210cd2e79af587744a7eb6e58f5b3d2 \
-F token=dbaf9757982a9e738f05d249b7b5b4a266b3a139049317c4909f2f263572c781 \
-X POST http://localhost:3000/oauth/revoke

command output

{}

server output

Started POST "/oauth/revoke" for 127.0.0.1 at 2014-02-26 17:52:28 -0500
  Processing by Doorkeeper::TokensController#revoke as */*
  Parameters: {"client_id"=>"9b36d8c0db59eff5038aea7a417d73e69aea75b41aac771816d2ef1b3109cc2f", "client_secret"=>"d6ea27703957b69939b8104ed4524595e210cd2e79af587744a7eb6e58f5b3d2", "token"=>"dbaf9757982a9e738f05d249b7b5b4a266b3a139049317c4909f2f263572c781"}
  Doorkeeper::AccessToken Load (0.2ms)  SELECT  "oauth_access_tokens".* FROM "oauth_access_tokens" WHERE "oauth_access_tokens"."token" = $1 LIMIT 1  [["token", "dbaf9757982a9e738f05d249b7b5b4a266b3a139049317c4909f2f263572c781"]]
  Doorkeeper::Application Load (0.2ms)  SELECT "oauth_applications".* FROM "oauth_applications" WHERE "oauth_applications"."uid" = '9b36d8c0db59eff5038aea7a417d73e69aea75b41aac771816d2ef1b3109cc2f' AND "oauth_applications"."secret" = 'd6ea27703957b69939b8104ed4524595e210cd2e79af587744a7eb6e58f5b3d2' LIMIT 1
  SQL (0.2ms)  UPDATE "oauth_access_tokens" SET "revoked_at" = $1 WHERE "oauth_access_tokens"."id" = $2  [["revoked_at", "2016-09-02 17:13:13.677099"], ["id", 41]]
Completed 200 OK in 5ms

curl command, token revoke with client credentials in basic auth

Here the client credentials travel in the HTTP Basic Authorization header (client_id as the user name, client_secret as the password, which is what curl's -u option builds) instead of the form body, so only the token appears among the logged parameters. This is the client authentication method RFC 6749 section 2.3.1 recommends, and it keeps the secret out of request parameters that Rails logs in clear unless they are added to filter_parameters.

curl -F token=dbaf9757982a9e738f05d249b7b5b4a266b3a139049317c4909f2f263572c781 \
-u '9b36d8c0db59eff5038aea7a417d73e69aea75b41aac771816d2ef1b3109cc2f:d6ea27703957b69939b8104ed4524595e210cd2e79af587744a7eb6e58f5b3d2' \
-X POST http://localhost:3000/oauth/revoke

command output

{}

server output

Started POST "/oauth/revoke" for 127.0.0.1 at 2014-02-26 17:52:28 -0500
  Processing by Doorkeeper::TokensController#revoke as */*
  Parameters: {"token"=>"dbaf9757982a9e738f05d249b7b5b4a266b3a139049317c4909f2f263572c781"}
  Doorkeeper::AccessToken Load (0.2ms)  SELECT  "oauth_access_tokens".* FROM "oauth_access_tokens" WHERE "oauth_access_tokens"."token" = $1 LIMIT 1  [["token", "dbaf9757982a9e738f05d249b7b5b4a266b3a139049317c4909f2f263572c781"]]
  Doorkeeper::Application Load (0.2ms)  SELECT "oauth_applications".* FROM "oauth_applications" WHERE "oauth_applications"."uid" = '9b36d8c0db59eff5038aea7a417d73e69aea75b41aac771816d2ef1b3109cc2f' AND "oauth_applications"."secret" = 'd6ea27703957b69939b8104ed4524595e210cd2e79af587744a7eb6e58f5b3d2' LIMIT 1
  SQL (0.2ms)  UPDATE "oauth_access_tokens" SET "revoked_at" = $1 WHERE "oauth_access_tokens"."id" = $2  [["revoked_at", "2016-09-02 17:13:13.677099"], ["id", 41]]
Completed 200 OK in 5ms

POST /oauth/introspect

Post here with client credentials (HTTP Basic authentication or the client_id and client_secret parameters) or with a Bearer access token in the Authorization header, plus the token to examine, to introspect an access or refresh token. This is the token introspection endpoint of RFC 7662. The response is a JSON object whose active field is true only for a token that exists, has not expired and has not been revoked; for an active token it may also carry the token's metadata such as scope, client_id and expiry (RFC 7662 section 2.2).

curl command, token introspection with client credentials in params

curl -F client_id=9b36d8c0db59eff5038aea7a417d73e69aea75b41aac771816d2ef1b3109cc2f \
-F client_secret=d6ea27703957b69939b8104ed4524595e210cd2e79af587744a7eb6e58f5b3d2 \
-F token=dbaf9757982a9e738f05d249b7b5b4a266b3a139049317c4909f2f263572c781 \
-X POST http://localhost:3000/oauth/introspect
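The token-endpoint interactions documented above (extracting the code from the POST /oauth/authorize redirect, exchanging it at /oauth/token, refreshing, revoking via /oauth/revoke and introspecting via /oauth/introspect), collected into a small Ruby client. This is an added example, not code from the Doorkeeper project or from this wiki's sample application; it assumes the localhost:3000 server and the client credentials used throughout this page, and the two sample responses embedded at the bottom are the ones captured above.

```ruby
require 'net/http'
require 'uri'
require 'json'
require 'base64'

# Minimal OAuth 2 client for the Doorkeeper endpoints shown on this page.
# Added example, not Doorkeeper's own code. Client credentials are always sent
# in the HTTP Basic Authorization header, never in the form body or the URL.
class DoorkeeperClient
  TokenSet = Struct.new(:access_token, :refresh_token, :expires_at, :scopes)

  class OAuthError < StandardError
    attr_reader :code

    def initialize(code, description)
      @code = code
      super("#{code}: #{description}")
    end
  end

  def initialize(base_url, client_id, client_secret)
    @base = URI(base_url)
    @client_id = client_id
    @client_secret = client_secret
  end

  # RFC 6749 section 2.3.1: "Basic " + base64(client_id:client_secret), no line wrap.
  def basic_auth_header
    'Basic ' + Base64.strict_encode64("#{@client_id}:#{@client_secret}")
  end

  # Pull the code out of the redirect produced by POST /oauth/authorize, e.g.
  # Location: http://localhost:3000/oauth/authorize/native?code=...
  def self.code_from_redirect(location)
    URI.decode_www_form(URI(location).query.to_s).to_h.fetch('code')
  end

  # grant_type=authorization_code (RFC 6749 section 4.1.3); redirect_uri must
  # equal the one sent to the authorization endpoint.
  def exchange_code(code, redirect_uri)
    token_request(grant_type: 'authorization_code', code: code, redirect_uri: redirect_uri)
  end

  # grant_type=refresh_token (RFC 6749 section 6). Doorkeeper revokes the pair the
  # refresh token belonged to, so the caller must persist the returned TokenSet.
  def refresh(refresh_token)
    token_request(grant_type: 'refresh_token', refresh_token: refresh_token)
  end

  # POST /oauth/revoke (RFC 7009): 200 with {} whether or not the token existed.
  def revoke(token, token_type_hint = 'access_token')
    post('/oauth/revoke', token: token, token_type_hint: token_type_hint).is_a?(Net::HTTPSuccess)
  end

  # POST /oauth/introspect (RFC 7662): parsed JSON, 'active' is the field to trust.
  def introspect(token)
    JSON.parse(post('/oauth/introspect', token: token).body)
  end

  # Interpret a token-endpoint response. `now` is the time the response was
  # received, so expires_in is anchored correctly (and tests are deterministic).
  def self.parse_token_response(status, body, now: Time.now)
    data = JSON.parse(body)
    if status != 200 || data.key?('error')
      raise OAuthError.new(data['error'] || "http_#{status}", data['error_description'].to_s)
    end
    unless data['token_type'].to_s.casecmp?('bearer')
      raise OAuthError.new('unsupported_token_type', data['token_type'].to_s)
    end
    TokenSet.new(data.fetch('access_token'), data['refresh_token'],
                 now + Integer(data.fetch('expires_in')), data['scope'].to_s.split)
  end

  private

  def token_request(params)
    res = post('/oauth/token', params)
    self.class.parse_token_response(res.code.to_i, res.body)
  end

  def post(path, params)
    req = Net::HTTP::Post.new(@base.merge(path))
    req['Authorization'] = basic_auth_header
    req['Accept'] = 'application/json'
    req.set_form_data(params)
    Net::HTTP.start(@base.host, @base.port, use_ssl: @base.scheme == 'https') do |http|
      http.request(req)
    end
  end
end

# Sample inputs for offline checks: the success and invalid_grant bodies captured above.
SAMPLE_TOKEN_RESPONSE = '{"access_token":"dbaf9757982a9e738f05d249b7b5b4a266b3a139049317c4909f2f263572c781",' \
  '"token_type":"bearer","expires_in":7200,' \
  '"refresh_token":"76ba4c5c75c96f6087f58a4de10be6c00b29ea1ddc3b2022ee2016d1363e3a7c","scope":"public"}'
SAMPLE_ERROR_RESPONSE = '{"error":"invalid_grant","error_description":"The provided authorization grant is invalid, ' \
  'expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client."}'

# Usage against the running sample server (CLIENT_ID/CLIENT_SECRET from this page):
#   client = DoorkeeperClient.new('http://localhost:3000', CLIENT_ID, CLIENT_SECRET)
#   tokens = client.exchange_code(DoorkeeperClient.code_from_redirect(location), 'urn:ietf:wg:oauth:2.0:oob')
#   client.introspect(tokens.access_token)['active']   # true
#   client.revoke(tokens.access_token)
#   client.introspect(tokens.access_token)['active']   # false
```

parse_token_response is kept separate from the HTTP call so the error path (the 401 invalid_grant body shown above) can be exercised without a server, and so expires_in is converted to an absolute time at the moment the response arrives rather than when the token is first used.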

GET /oauth/applications

curl command

curl http://localhost:3000/oauth/applications 

command output

HTML page with a table of the registered client applications. Note that the request carried no credentials and the server output shows no user lookup: in the sample application this administration UI is served to anyone. In a real deployment the admin_authenticator block in config/initializers/doorkeeper.rb must restrict /oauth/applications, because these pages expose the client credentials.
        <tr id="application_1">
          <td><a href="/oauth/applications/1">Doorkeeper Sinatra Client</a></td>
          <td>urn:ietf:wg:oauth:2.0:oob</td>
          <td><a href="/oauth/applications/1/edit">Edit</a></td>
          <td><a href="/oauth/applications/1" data-confirm="Are you sure?" data-method="delete" rel="nofollow">Destroy</a></td>
        </tr>

server output

Started GET "/oauth/applications" for 127.0.0.1 at 2014-02-26 18:01:41 -0500
  Processing by Doorkeeper::ApplicationsController#index as */*
  Doorkeeper::Application Load (0.1ms)  SELECT "oauth_applications".* FROM "oauth_applications" 
Rendered doorkeeper/applications/index.html.erb within layouts/application (3.6ms)
Rendered layouts/_header.html.erb (0.0ms)
Rendered layouts/_flash.html.erb (0.0ms)
Completed 200 OK in 18ms (Views: 15.8ms | ActiveRecord: 0.7ms)

Web UI for managing registered API clients

POST /oauth/applications

Creates a client application (an oauth_applications row); Doorkeeper generates its client id (uid) and secret. This is the form submission from the page served by GET /oauth/applications/new.

GET /oauth/applications/new

Serves the web form for registering a new client application.

GET /oauth/applications/:id/edit

Serves the web form for editing the specified client application.

GET /oauth/applications/:id

Displays a web page with the details of the specified client application, including its client credentials.

PUT /oauth/applications/:id

Updates a client application (PATCH is accepted as well, see the routes). This is the form submission from the page served by GET /oauth/applications/:id/edit.

DELETE /oauth/applications/:id

Deletes the specified client application.

GET /oauth/authorized_applications

Web user interface for the logged-in user: lists the client applications that currently hold a non-revoked access token for that user (see the join on oauth_access_tokens with revoked_at IS NULL in the server output), each with a Revoke button. Invokes the resource_owner_authenticator block defined in config/initializers/doorkeeper.rb to authenticate the current user; the username parameter in the curl below is read only by the sample application's authenticator, a real one identifies the user from the session.

curl command

curl -F username=user@example.com \
-X GET http://localhost:3000/oauth/authorized_applications

command output

HTML page includes table of api client authorizations

        <tr>
          <td>Doorkeeper Sinatra Client</td>
          <td>2014-01-28 17:03:24 UTC</td>
          <td><a href="/oauth/authorized_applications/1" class="btn danger" data-confirm="Are you sure?" data-method="delete" rel="nofollow">Revoke</a></td>
        </tr>

server output

Started GET "/oauth/authorized_applications" for 127.0.0.1 at 2014-02-26 18:36:46 -0500
  Processing by Doorkeeper::AuthorizedApplicationsController#index as */*
  Parameters: {"username"=>"user@example.com"}
  User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."email" = 'user@example.com' LIMIT 1
  CACHE (0.0ms)  SELECT "users".* FROM "users" WHERE "users"."email" = 'user@example.com' LIMIT 1
  Doorkeeper::Application Load (0.6ms)  SELECT "oauth_applications".* FROM "oauth_applications" INNER JOIN "oauth_access_tokens" ON "oauth_access_tokens"."application_id" = "oauth_applications"."id" AND "oauth_access_tokens"."revoked_at" IS NULL INNER JOIN "oauth_applications" "authorized_applications_oauth_applications" ON "authorized_applications_oauth_applications"."id" = "oauth_access_tokens"."application_id" WHERE "oauth_access_tokens"."resource_owner_id" = 1 AND "oauth_access_tokens"."revoked_at" IS NULL GROUP BY oauth_applications.id,oauth_applications.name,oauth_applications.uid,oauth_applications.secret,oauth_applications.redirect_uri,oauth_applications.created_at,oauth_applications.updated_at,oauth_applications.owner_id,oauth_applications.owner_type
Rendered doorkeeper/authorized_applications/index.html.erb within layouts/application (44.5ms)
Rendered layouts/_header.html.erb (0.0ms)
Rendered layouts/_flash.html.erb (0.0ms)
Completed 200 OK in 5593ms (Views: 58.4ms | ActiveRecord: 1.8ms)

DELETE /oauth/authorized_applications/:id

Revokes every non-revoked access token the identified client application holds for the current user (one UPDATE ... revoked_at per token in the server output); the application itself is not deleted. Invokes the resource_owner_authenticator block defined in config/initializers/doorkeeper.rb to authenticate the current user.
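The blocks referenced throughout this page (resource_owner_authenticator for the authorization endpoint and the authorized-applications UI, admin_authenticator for /oauth/applications, resource_owner_from_credentials for the password grant) live in config/initializers/doorkeeper.rb. The initializer below is an added example, not the sample application's own configuration or any file from the Doorkeeper repository; it shows a hardened setup for the behaviour seen above. It assumes a User model with has_secure_password, an email column and an admin? predicate, plus a current_user helper and a new_user_session_url route (as provided by Devise); the option names are Doorkeeper's, and the two hash_* options require Doorkeeper 5.x.

```ruby
# config/initializers/doorkeeper.rb
# Added example, not the sample application's initializer. Assumes a User model
# with has_secure_password, an email column and admin?, a current_user helper
# and a new_user_session_url route.
Doorkeeper.configure do
  orm :active_record

  # Authorization endpoint and /oauth/authorized_applications: identify the
  # resource owner from the browser session. The sample app on this page loads
  # the user from a `username` parameter instead, which is fine for capturing
  # example output and unsafe anywhere else.
  resource_owner_authenticator do
    current_user || redirect_to(new_user_session_url)
  end

  # /oauth/applications exposes client credentials; without this block the
  # pages are served to anyone, as the unauthenticated request above shows.
  admin_authenticator do
    current_user&.admin? || head(:forbidden)
  end

  # Password grant (RFC 6749 section 4.3): verify the password here. Returning
  # nil or false makes Doorkeeper answer 401 invalid_grant, as shown above.
  resource_owner_from_credentials do |_routes|
    user = User.find_by(email: params[:username])
    user if user&.authenticate(params[:password])
  end

  # Only the flows the clients actually need; the password grant should be
  # limited to first-party clients. No implicit or client_credentials flow.
  grant_flows %w[authorization_code password]
  use_refresh_token

  authorization_code_expires_in 10.minutes # the 600 seconds in the grant INSERT above
  access_token_expires_in 2.hours          # the 7200 seconds returned by /oauth/token above

  default_scopes :public
  optional_scopes :write
  enforce_configured_scopes                # reject scope values not declared here

  force_ssl_in_redirect_uri !Rails.env.development?

  # Doorkeeper 5.x: store only hashes of tokens and client secrets, so that a
  # copy of the oauth_access_tokens / oauth_applications tables (whose plaintext
  # INSERTs appear in the logs above) does not yield usable credentials.
  hash_token_secrets
  hash_application_secrets
end
```

With hash_application_secrets enabled the secret is shown only once, at registration time, so the GET /oauth/applications/:id page no longer reveals it.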

curl command

curl -F username=user@example.com \
-X DELETE http://localhost:3000/oauth/authorized_applications/1

command output

redirect to /oauth/authorized_applications

server output

Started DELETE "/oauth/authorized_applications/1" for 127.0.0.1 at 2014-02-26 18:50:03 -0500
  Processing by Doorkeeper::AuthorizedApplicationsController#destroy as */*
  Parameters: {"username"=>"user@example.com", "id"=>"1"}
  User Load (0.1ms)  SELECT "users".* FROM "users" WHERE "users"."email" = 'user@example.com' LIMIT 1
  CACHE (0.0ms)  SELECT "users".* FROM "users" WHERE "users"."email" = 'user@example.com' LIMIT 1
  Doorkeeper::AccessToken Load (0.7ms)  SELECT "oauth_access_tokens".* FROM "oauth_access_tokens" WHERE "oauth_access_tokens"."application_id" = 1 AND "oauth_access_tokens"."resource_owner_id" = 1 AND "oauth_access_tokens"."revoked_at" IS NULL
  SQL (3.5ms)  UPDATE "oauth_access_tokens" SET "revoked_at" = '2014-02-26 23:50:10' WHERE "oauth_access_tokens"."id" = 2
  SQL (0.9ms)  UPDATE "oauth_access_tokens" SET "revoked_at" = '2014-02-26 23:50:10' WHERE "oauth_access_tokens"."id" = 83
Redirected to http://localhost:3000/oauth/authorized_applications
Completed 302 Found in 6314ms

GET /oauth/token/info

Shows details about the access token presented in the Authorization: Bearer header: the resource owner id, the granted scopes, the remaining lifetime in seconds (expires_in_seconds), the uid of the client application the token was issued to (null for a token obtained without client authentication, as in the password grant example above) and the creation time as a Unix timestamp. An unknown, expired or revoked token yields 401 with invalid_token.

curl command

curl -H "Authorization: Bearer 53cff8f4a549beb1c38704158b0f6608a2382f094b6947ecc35c2eed4146a17c" \
     localhost:3000/oauth/token/info

command output

{"resource_owner_id":1,
"scopes":[],
"expires_in_seconds":7178,
"application":{"uid":null},
"created_at":1440460991}

server output

Started GET "/oauth/token/info" for 127.0.0.1 at 2015-08-24 17:03:32 -0700
Processing by Doorkeeper::TokenInfoController#show as */*
  Doorkeeper::AccessToken Load (0.3ms)  SELECT  "oauth_access_tokens".* FROM "oauth_access_tokens" WHERE "oauth_access_tokens"."token" = ? LIMIT 1  [["token", "bea06cb4f681e04f5a3bbfe699ad1b7e8cb40c2a57f974370da5f537d71509be"]]
Completed 200 OK in 2ms  

token not found

command output

{"error":"invalid_token","error_description":"The access token is invalid","state":"unauthorized"}

server output

Started GET "/oauth/token/info" for 127.0.0.1 at 2015-08-24 17:06:49 -0700
Processing by Doorkeeper::TokenInfoController#show as */*
  Doorkeeper::AccessToken Load (0.1ms)  SELECT  "oauth_access_tokens".* FROM "oauth_access_tokens" WHERE "oauth_access_tokens"."token" = ? LIMIT 1  [["token", "bea06cb4f681e04f5a3bbfe699ad1b7e8cb40c2a57f974371509be"]]
Completed 401 Unauthorized in 1ms

POST /oauth/revoke

Revokes the given token. Client authentication is required, with the application's client id and client secret, here sent as HTTP Basic credentials in the Authorization header, i.e. Basic followed by base64(client_id:client_secret), which is what curl's -u option builds (see https://github.com/doorkeeper-gem/doorkeeper/issues/1412#issuecomment-631938006). A request whose client credentials do not match the client the token was issued to does not revoke it.

curl command

curl -F token=53cff8f4a549beb1c38704158b0f6608a2382f094b6947ecc35c2eed4146a17c \
 -u "$CLIENT_ID:$CLIENT_SECRET" \
 -X POST localhost:3000/oauth/revoke

result

Always returns 200 OK with {}, even if the token doesn't exist or has already been revoked, as RFC 7009 section 2.2 requires; the endpoint therefore cannot be used to probe whether a token is valid. Use POST /oauth/introspect with client credentials for that.
