Last active
March 10, 2022 10:27
Revisions
traumverloren revised this gist
Apr 24, 2015. 1 changed file with 99 additions and 1 deletion.
@@ -10,4 +10,102 @@ # This block will be called to check whether the resource owner is authenticated or not. resource_owner_authenticator do User.find_by_id(session[:user_id]) || redirect_to(new_session_url(return_to: request.fullpath)) end # Provide support for an owner to be assigned to each registered application (disabled by default) # Optional parameter :confirmation => true (default false) if you want to enforce ownership of # a registered application # Note: you must also run the rails g doorkeeper:application_owner generator to provide the necessary support enable_application_owner :confirmation => true # In this flow, a token is requested in exchange for the resource owner credentials resource_owner_from_credentials do |routes| user = User.find_by_email(params[:email]) user if user && user.authenticate(params[:password]) end # Allow non https redirects force_ssl_in_redirect_uri false # You'll receive the access token back in the response # {"access_token":"b1b218369cc52a47c891feaadec8b5d792288aafe02c11c2d835548f350f574d", # "token_type":"bearer", # "expires_in":7200, # "created_at":1425474562} # If you want to restrict access to the web interface for adding oauth authorized applications, you need to declare the block below. # admin_authenticator do # # Put your admin authentication logic here. # # Example implementation: # Admin.find_by_id(session[:admin_id]) || redirect_to(new_admin_session_url) # end # Authorization Code expiration time (default 10 minutes). # authorization_code_expires_in 10.minutes # Access token expiration time (default 2 hours). # If you want to disable expiration, set this to nil. 
access_token_expires_in 30.days # Reuse access token for the same resource owner within an application (disabled by default) # Rationale: https://github.com/doorkeeper-gem/doorkeeper/issues/383 # reuse_access_token # Issue access tokens with refresh token (disabled by default) use_refresh_token # Define access token scopes for your provider # For more information go to # https://github.com/doorkeeper-gem/doorkeeper/wiki/Using-Scopes # default_scopes :public # optional_scopes :write, :update # Change the way client credentials are retrieved from the request object. # By default it retrieves first from the `HTTP_AUTHORIZATION` header, then # falls back to the `:client_id` and `:client_secret` params from the `params` object. # Check out the wiki for more information on customization # client_credentials :from_basic, :from_params # Change the way access token is authenticated from the request object. # By default it retrieves first from the `HTTP_AUTHORIZATION` header, then # falls back to the `:access_token` or `:bearer_token` params from the `params` object. # Check out the wiki for more information on customization # access_token_methods :from_bearer_authorization, :from_access_token_param, :from_bearer_param # Change the native redirect uri for client apps # When clients register with the following redirect uri, they won't be redirected to any server and the authorization code will be displayed within the provider # The value can be any string. Use nil to disable this feature. When disabled, clients must provide a valid URL # (Similar behaviour: https://developers.google.com/accounts/docs/OAuth2InstalledApp#choosingredirecturi) # # native_redirect_uri 'urn:ietf:wg:oauth:2.0:oob' # Specify what grant flows are enabled in array of Strings. 
The valid # strings and the flows they enable are: # # "authorization_code" => Authorization Code Grant Flow # "implicit" => Implicit Grant Flow # "password" => Resource Owner Password Credentials Grant Flow # "client_credentials" => Client Credentials Grant Flow # # If not specified, Doorkeeper enables all the four grant flows. # # grant_flows %w(authorization_code implicit password client_credentials) # Under some circumstances you might want to have applications auto-approved, # so that the user skips the authorization step. # For example if dealing with trusted a application. # skip_authorization do |resource_owner, client| # client.superapp? or resource_owner.admin? # end # WWW-Authenticate Realm (default "Doorkeeper"). # realm "Doorkeeper" # Allow dynamic query parameters (disabled by default) # Some applications require dynamic query parameters on their request_uri # set to true if you want this to be allowed # wildcard_redirect_uri false end # Extend Doorkeeper models Doorkeeper::Application.send :include, ApplicationExtension Doorkeeper.configuration.token_grant_types << "password" -
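Review bot: `force_ssl_in_redirect_uri false` combined with `access_token_expires_in 30.days` is a risky pairing for anything beyond local development: a client can register a plain `http://` redirect URI, so an authorization code (or, with the implicit flow left enabled by default, the token itself) can travel unencrypted, and a leaked bearer token then stays valid for a month. Keep the SSL requirement on outside development and, since `use_refresh_token` is enabled here, drop the access token lifetime to hours and let refresh tokens carry long sessions. Also, the comment above the commented-out `grant_flows` line states that all four flows are enabled when it is not specified, so the trailing `Doorkeeper.configuration.token_grant_types << "password"` outside the `configure` block looks redundant; if the intent is to enable only the flows actually used, set `grant_flows %w(authorization_code password)` inside the block instead.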
traumverloren revised this gist
Apr 24, 2015. 2 changed files with 13 additions and 14 deletions.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -0,0 +1,13 @@ ######################### # config/initializers/doorkeeper.rb ######################### Doorkeeper.configure do # Change the ORM that doorkeeper will use. # Currently supported options are :active_record, :mongoid2, :mongoid3, :mongo_mapper orm :active_record # This block will be called to check whether the resource owner is authenticated or not. resource_owner_authenticator do User.find_by_id(session[:user_id]) || redirect_to(new_session_url(return_to: request.fullpath)) end This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -1,17 +1,3 @@ ######################### # sessions_controller.rb ######################### -
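Review bot: in the first hunk the `resource_owner_authenticator` block forwards `request.fullpath` as `return_to` to the new-session URL, a value that `SessionsController` (in the gist's initial revision) stores in the session and later redirects to; that is only safe because this particular value is built server-side, so the controller must still validate `params[:return_to]` as a same-origin path rather than trusting whatever arrives in the query string. The second hunk leaves `sessions_controller.rb` as nothing but its three banner comment lines (17 lines down to 3); if the controller was moved into the app, delete the stub from the gist rather than keeping an empty file.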
traumverloren created this gist
Apr 24, 2015.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -0,0 +1,37 @@ ######################### # config/initializers/doorkeeper.rb ######################### Doorkeeper.configure do # Change the ORM that doorkeeper will use. # Currently supported options are :active_record, :mongoid2, :mongoid3, :mongo_mapper orm :active_record # This block will be called to check whether the resource owner is authenticated or not. resource_owner_authenticator do User.find_by_id(session[:user_id]) || redirect_to(new_session_url(return_to: request.fullpath)) end ######################### # sessions_controller.rb ######################### class SessionsController < ApplicationController def new session[:return_to] = params[:return_to] end def create user = User.find_by_email(params[:email]) if user && user.authenticate(params[:password]) session[:user_id] = user.id redirect_to session[:return_to] || root_url, notice: "Logged in!" session.delete(:return_to) else flash.now.alert = "Invalid password or email" render "new" end end end
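Review bot: `redirect_to session[:return_to] || root_url` in `create` is an open redirect, because `new` copies `params[:return_to]` into the session unchecked, so a login link crafted with an absolute external `return_to` sends the user off-site right after they submit their credentials. Validate the value before storing or redirecting, for example accept only strings that start with a single `/` (rejecting `//` and anything with a scheme) and otherwise fall back to `root_url`. A smaller point: call `reset_session` before assigning `session[:user_id]` so the pre-login session id is not carried across authentication.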