
Changing how clients are authenticated

ggayan edited this page Oct 29, 2012 · 1 revision

By default doorkeeper authenticates clients using the HTTP Basic authentication scheme. If no Basic credentials are found in the Authorization header, it falls back to the POST body parameters (client_id and client_secret).

For example, this would be the HTTP request for Client Credentials flow, using basic auth:

POST /oauth/token
Authorization: Basic czZCaGRSa3F0MzpnWDFmQmF0M2JW
grant_type=client_credentials

You have the option to include the client credentials using the request body instead of using HTTP Basic.

POST /oauth/token
grant_type=client_credentials&client_id=...&client_secret=...

You can ignore the Basic header, change the precedence order, or disable one of the two methods entirely by setting client_credentials in doorkeeper.rb. The methods are tried in the order given; the first one that yields a client id and secret wins.

Doorkeeper.configure do
  # defaults: try the Basic header first, then the request parameters
  client_credentials :from_basic, :from_params

  # only from basic header (pick one setting; a later call replaces the earlier one)
  client_credentials :from_basic
end

Using a lambda/class/module

This option accepts any argument that responds to call, so you can use a lambda or a module/class for example:

Lambda example

Doorkeeper.configure do
  # custom credentials using lambda: it receives the request and must
  # return the pair [uid, secret] (here hard-coded only to show the shape)
  client_credentials lambda { |request| return 'uid', 'secret' }
end

Module/Class example

module MyClientCredentialsAwesomeParser
  def self.call(request)
    # find the client credentials in the request object
    # for example, looking in the authorization header, assumed here to be
    # of the form "Authorization: <scheme> <uid>:<secret>" (no Base64)
    header = request.authorization
    # no header: return nil so doorkeeper moves on to the next configured method
    return nil if header.nil? || header.empty?

    auth = header.split(' ').last.split(/:/, 2)

    # You have to return a tuple containing username/password
    return auth.first, auth.last
  end
end

And in doorkeeper.rb

require 'my_client_credentials_awesome_parser'

Doorkeeper.configure do
  client_credentials MyClientCredentialsAwesomeParser, :from_params
end
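The built-in fallback described at the top of this page and the custom parser above both leave one case open: a request that carries credentials in the Basic header and in the body at the same time. RFC 6749 section 2.3 forbids a client from using more than one method per request, and a parser that silently picks one of the two invites parameter-confusion bugs. The following is an added example, not doorkeeper's own code, of a callable for client_credentials that decodes the Basic token per RFC 6749 section 2.3.1 (Base64 of the form-urlencoded id and secret, so a ":" or "%" in the secret survives), rejects requests using both methods, and returns nil when nothing is found so that doorkeeper treats the request as unauthenticated. The Request struct is a constructed stand-in for the Rack request doorkeeper passes in; only its authorization and params accessors are assumed.

```ruby
# Constructed stand-in for the request object doorkeeper hands to the callable.
# Only #authorization (the raw Authorization header) and #params (a Hash) are used.
Request = Struct.new(:authorization, :params)

module StrictClientCredentials
  # Parse "Authorization: Basic <token>" as RFC 6749 section 2.3.1 requires:
  # token = base64( urlencode(client_id) ":" urlencode(client_secret) ).
  # Returns [id, secret] or nil (absent, not Basic, malformed, or no ":" inside).
  def self.from_basic(request)
    m = request.authorization.to_s.match(/\ABasic\s+(\S+)\z/i)
    return nil unless m

    decoded = begin
      m[1].unpack1('m0')          # strict Base64 decode, same as Base64.strict_decode64
    rescue ArgumentError
      return nil                  # not valid Base64: treat as "no Basic credentials"
    end

    id, secret = decoded.split(':', 2)
    return nil if id.nil? || id.empty? || secret.nil?

    # Undo the application/x-www-form-urlencoded encoding of each half.
    [URI.decode_www_form_component(id), URI.decode_www_form_component(secret)]
  end

  # Credentials passed in the request body (client_id / client_secret).
  def self.from_params(request)
    params = request.params || {}
    id = params['client_id']
    return nil if id.nil? || id.empty?

    [id, params['client_secret'].to_s]
  end

  # Entry point doorkeeper calls: client_credentials StrictClientCredentials
  def self.call(request)
    basic  = from_basic(request)
    params = from_params(request)

    # Both methods used at once violates RFC 6749 section 2.3; refuse rather
    # than guess which pair the client "meant".
    return nil if basic && params

    basic || params
  end
end

require 'uri'

# Constructed sample requests. The Basic token is the RFC 6749 example value and
# decodes to client_id "s6BhdRkqt3" and client_secret "gX1fBat3bV".
RFC_TOKEN = 'czZCaGRSa3F0MzpnWDFmQmF0M2JW'.freeze

def demo
  {
    basic_only:   StrictClientCredentials.call(Request.new("Basic #{RFC_TOKEN}", {})),
    params_only:  StrictClientCredentials.call(Request.new(nil, { 'client_id' => 'app', 'client_secret' => 'top' })),
    both:         StrictClientCredentials.call(Request.new("Basic #{RFC_TOKEN}", { 'client_id' => 'app', 'client_secret' => 'top' })),
    # secret "p:ss%" form-encoded is "p%3Ass%25"; encode the whole pair for the header
    encoded:      StrictClientCredentials.call(Request.new("Basic #{['app:p%3Ass%25'].pack('m0')}", {})),
    bad_base64:   StrictClientCredentials.call(Request.new('Basic !!!', {})),
    other_scheme: StrictClientCredentials.call(Request.new('Bearer abc', {})),
    nothing:      StrictClientCredentials.call(Request.new(nil, {}))
  }
end

if __FILE__ == $PROGRAM_NAME
  demo.each { |name, result| puts "#{name}: #{result.inspect}" }
end
```

In config/initializers/doorkeeper.rb this is wired up as `client_credentials StrictClientCredentials` on its own, since the callable already covers both the header and the parameters; listing `:from_params` after it would reopen the fallback the module deliberately closes.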