#353 OAuth with Doorkeeper pro

Ryan, can you make a tutorial for using "TOTP: Time-Based One-Time Password Algorithm" or "Multi-Factor Authentication" that compatible with Google Authenticator like in Google and AWS?? it will be great to add more security :)

Awesome Ryan! Great job. I have one question. Let's say your client app is a mobile app (such as an android app), would you have to redirect to a browser (out of the app) when trying to login? The json part is ok as both android and ios have libraries for those.

+100 on this episode.

The gem was updated with the fix for whitelist_attributes. Check out the version 0.3.4

This is difficult to grasp when we don't know the big picture. Diagrams are required to introduce the concepts before jumping into code. Also including specs with the code would be helpful.

Excellent screencast as usual. I don't seem to be able to find any documentation though on customising the controllers Or models. Mainly things like having the applications associated to a specific user etc.

Has anyone got Doorkeeper working with Mongoid?

Is it possible to use rails-api and doorkeeper together? I'm not sure where the Doorkeeper UI should live. Possibly hack it into rails-api or add it to another rails app, what do you think?

When I try to start up my rails (oauth client) app after building my OAuth strategy (identical to Ryan's structurally), I get this error:

undefined method `uid' for OmniAuth::Strategies:Module

Anyone seen this error before? I'm having a hard time figuring out what I'm doing wrong.

I always have this error when I follow this tutorial:

OAuth2::Error: invalid_grant: The provided authorization grant is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client.

when I'm in the phase of parsing token. What is the problem and how I can fix this ?

Since oauth2 1.1.0 with CSRF protection this code doesn't work. Could somebody point right direction how to apply state param in this provider and client example. thanks

Why do I keep getting the error

An error has occurred
Client authentication failed due to unknown client, no client authentication included, or unsupported authentication method.

when trying to sign in through the client app?
I tried running the source code and I get the same errors... any ideas?!

Any advice about using Doorkeeper with Active Model Serializers as shown in episode #409?

Guys, you may wanna check out this fix for the CSRF issues: http://stackoverflow.com/questions/10351386/rails-doorkeeper-cant-verify-csrf-token-authenticity?rq=1

I thought I'd add these notes for future n00bs to consider

• You're most probably going to use Devise as your authentication solution - in that case, you want to change the method for finding the current user to be current user rather than the User.find_by_ code that's in the Doorkeeper initializer by default.
• The OAuth2 gem uses certain defaults to generate the authorization URI - one of them is to assume that your OAuth provide route is /oauth/authorize which it will be if you use the Doorkeeper defaults, and the other is to use the parameter callback for the callback URI. The latter won't work though because the Doorkeeper gem default is to expect the callback URI to be specified with the redirect_uri parameter instead. So change callback= to redirect_uri=

Does anyone know why I get the error:

undefined local variable or method `new_user_session_url' for #Doorkeeper::AuthorizationsController:0x007fef99668bc8

resource_owner_authenticator do
# Put your resource owner authentication logic here.
# Example implementation:
current_user || redirect_to(login_url)
end

I am using Sorcery with Doorkeeper

With Doorkeeper 0.7.4 I had to use callback = "urn:ietf:wg:oauth:2.0:oob" in place of the localhost:3001 callback. Otherwise, the page to exchange the authorization token for an accepted authorization code complained of a bad callback url.

I wish to use Doorkeeper for 3rd party authentication but wish to skip and use before_filter authenticate! for AngularJS based client side web app.
Is it possible to do this?
What is the best way for authentication for an API which should be usable for Single Sign On 1st party app and 3rd party apps like chrome extension?

I want to create an api for an android application, would doorkeeper be perfect for registration and authentication? generally what is the best way to build a secure api? I found so many tutorials but that makes really many doubts.

When I try to generate the access token in the irb console, I get "DNS lookup failed error". Does this have to do with some problem in my machine setup?

irb(main):021:0> access = client.auth_code.get_token("6246e2d200c46b338780e72c4db85f5225c097e907792c31f7acf9b07421fe7f", redirect_uri: callback)
OAuth2::Error: <!-- IE friendly error message walkround.        
     if error message from server is less than   
     512 bytes IE v5+ will use its own error     
     message instead of the one returned by      
     server.                                 --> 
                                                 
                                                 
                                                 
                                                 
                                                 
                                                 
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN">
<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><style type="text/css">html,body{height:100%;padding:0;margin:0;}.oc{display:table;width:100%;height:100%;}.ic{display:table-cell;vertical-align:middle;height:100%;}div.msg{display:block;border:1px solid #30c;padding:0;width:500px;font-family:helvetica,sans-serif;margin:10px auto;}h1{font-weight:bold;color:#fff;font-size:14px;margin:0;padding:2px;text-align:center;background: #30c;}p{font-size:12px;margin:15px auto;width:75%;font-family:helvetica,sans-serif;text-align:left;}</style><title>504 DNS look up failed</title></head><body><div class="oc"><div class="ic"><div class="msg"><h1>504 DNS look up failed</h1><p>The webserver for http://localhost reported that an error occurred while trying to access the website.  Please click <u><a href="javascript:history.back()">here</a></u> to return to the previous page.</p></div></div></div></body></html>

        from /home/kempa/.rbenv/versions/2.0.0-p451/lib/ruby/gems/2.0.0/gems/oauth2-0.9.3/lib/oauth2/client.rb:110:in `request'
        from /home/kempa/.rbenv/versions/2.0.0-p451/lib/ruby/gems/2.0.0/gems/oauth2-0.9.3/lib/oauth2/client.rb:135:in `get_token'
        from /home/kempa/.rbenv/versions/2.0.0-p451/lib/ruby/gems/2.0.0/gems/oauth2-0.9.3/lib/oauth2/strategy/auth_code.rb:29:in `get_token'
        from (irb):21
        from /home/kempa/.rbenv/versions/2.0.0-p451/bin/irb:12:in `<main>'
irb(main):022:0> 

Ryan, can you shed any light on how you would go about using Doorkeeper (or something similar) to implement separate authorization and resource servers? I'm trying to build one authorization server that can handle oAuth2 for all of our resource servers (instead of trying to implement the authorization server on each of those endpoints). It seems like Doorkeeper is designed for the scenario where the resource and authorization servers are one in the same.

Awesome video and awesome service btw.

So this railscast is great but I ran into problems with the config/initializers/doorkeeper.rb file. Instead of getting to the authorization pages I was redirected to the provider site homepage. I was able to fix this by using all the code shown here
LINK