In the previous part of this series we met Doorkeeper, a Rails engine to build custom OAuth 2 providers. I showed how to integrate this solution into your app and how to use it to secure API requests.
Currently, users are able to register their OAuth 2 apps, receive access tokens, perform API requests, and work with scopes. However, there are a few things left to take care of:
- The list of OAuth 2 applications can be accessed by anyone
- Users cannot obtain refresh tokens and use them to fetch new access tokens
- It would be nice to craft a custom OmniAuth strategy that can be later packed as a gem
- We need a way to tweak views and routes
Continue reading %Tailor Doorkeeper with Refresh Tokens, Views, and Strategies%
by Ilya Bodrov-Krukowski via SitePoint
No comments:
Post a Comment