
API Authentication with an OAuth Provider

Episode 250 · June 19, 2018

Setting up an OAuth provider with the doorkeeper gem is a great way to add authentication to your API.

APIs OAuth Authentication




Awesome! Can't wait to see the next videos!
I thought the same :)

When accessing the me.json endpoint, my doorkeeper_token seems to be null.

I signed up with a new user via devise... then tried to access the endpoint.

Do I need to do some fiddling with registering a new OAuth app and acquiring a key, then sending it along in the request with Postman or something?



I can't access the me.json endpoint:

11:06:01 web.1     | Started GET "/api/v1/me.json" for ::1 at 2018-07-20 11:06:01 +0100

11:06:01 web.1 | Processing by Api::V1::UsersController#me as JSON
11:06:01 web.1 | Filter chain halted as :doorkeeper_authorize! rendered or redirected
11:06:01 web.1 | Completed 401 Unauthorized in 2ms (ActiveRecord: 0.0ms)



Same here - did you figure it out?


Same here. Did someone find the solution?


Same error. Chris, could you help?


Same error here. Did someone solve this?


In the screencast, I just commented out the before_action so I could show the JSON it renders. You won't be able to access the URL directly unless you make the request with your token. You can use Postman to try it out, or just uncomment the doorkeeper before_action like I did.
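
What a request that carries the token looks like from a Ruby client, as an added example that is not part of the episode or of any comment here. The stub server, the token value and the response body are constructed so the script runs offline; the endpoint path is the one from the log above.

```ruby
require "json"
require "net/http"
require "socket"
require "uri"

# Constructed stand-in for the protected endpoint: like the 401 in the log
# above, it refuses any request without "Authorization: Bearer <valid token>".
def start_stub_api(valid_token)
  server = TCPServer.new("127.0.0.1", 0) # port 0: let the OS pick a free port
  Thread.new do
    loop do
      client = server.accept
      headers = []
      while (line = client.gets) && line != "\r\n"
        headers << line.chomp
      end
      sent = headers.grep(/\AAuthorization: Bearer /i).first.to_s.split(" ", 3)[2]
      ok = sent == valid_token
      body = ok ? { email: "user@example.test" }.to_json : ""
      client.write("HTTP/1.1 #{ok ? '200 OK' : '401 Unauthorized'}\r\n" \
                   "Content-Type: application/json\r\n" \
                   "Content-Length: #{body.bytesize}\r\nConnection: close\r\n\r\n#{body}")
      client.close
    end
  end
  server.addr[1] # the port the stub is listening on
end

# Client side, the request Postman would send. The token travels in the
# Authorization header rather than the URL, which keeps it out of request logs.
def fetch_me(base_url, token = nil)
  uri = URI.join(base_url, "/api/v1/me.json")
  request = Net::HTTP::Get.new(uri)
  request["Authorization"] = "Bearer #{token}" if token
  response = Net::HTTP.start(uri.host, uri.port, use_ssl: uri.scheme == "https") do |http|
    http.request(request)
  end
  [response.code.to_i, response.body.to_s]
end

if __FILE__ == $PROGRAM_NAME
  port = start_stub_api("constructed-token")
  base = "http://127.0.0.1:#{port}"
  p fetch_me(base)                      # no token: rejected
  p fetch_me(base, "constructed-token") # valid token: JSON body returned
end
```

Against the real app, pass its base URL and an access token issued for an OAuth application registered with the provider.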


Would anyone recommend setting up a main repo with submodules for this kind of project?


Did anyone else get this error? I get this error when I attempt to go to the /oauth/applications URL:

Access to admin panel is forbidden due to Doorkeeper.configure.admin_authenticator being unconfigured


I tried creating a user and making sure the user is an admin, but maybe the template doesn't fully create a full working web app with devise? It keeps saying things like "lasted signed in at & current sign in at" doesn't exist for the user schema.


Did you sort this out, @geraldcarter?


Hi Chris, is this video a follow-on from something else? There seems to be a lot of code not outlined in the video. Just want to make sure I am starting at the start.


Hey Jeremy,

Like I mentioned at the beginning, we're using the Jumpstart template that I made.

I'm not gonna waste your time installing Devise and Bootstrap every episode, so I made the Rails Jumpstart template for that. 👍


That's awesome, mate. Is there a video where you show how to create that? I only asked because when I went to http://localhost:3000/oauth/applications I got a blank page.


That route comes from the doorkeeper gem, so if it's blank, then your installation may not be done right.

This is the episode on the Rails template:


I am not sure what I am doing wrong, but I keep hitting:

Started GET "/oauth/applications" for at 2018-09-13 14:37:44 +1000
Processing by Doorkeeper::ApplicationsController#index as HTML
Access to admin panel is forbidden due to Doorkeeper.configure.admin_authenticator being unconfigured.
Filter chain halted as :authenticate_admin! rendered or redirected
Completed 403 Forbidden in 2ms (ActiveRecord: 0.0ms)

Check the 3rd line there:

Access to admin panel is forbidden due to Doorkeeper.configure.admin_authenticator being unconfigured.


Yeah, I get that. I am just struggling to see where that happens in the video. As far as I can see, I have my Doorkeeper set up as you have. It seems the comment above mine is the same?

Doorkeeper.configure do
  # Change the ORM that doorkeeper will use (needs plugins)
  orm :active_record

  # Resolve the signed-in user, or send the visitor through Devise (warden) sign-in
  resource_owner_authenticator do
    current_user || warden.authenticate!(:scope => :user)
  end

  # If you didn't skip applications controller from Doorkeeper routes in your application routes.rb
  # file then you need to declare this block in order to restrict access to the web interface for
  # adding oauth authorized applications. In other case it will return 403 Forbidden response
  # every time somebody will try to access the admin web interface.
  # admin_authenticator do
  #   # Put your admin authentication logic here.
  #   # Example implementation:
  #   if current_user
  #     head :forbidden unless current_user.admin?
  #   else
  #     redirect_to sign_in_url
  #   end
  # end
end

I can see the commented out section, but this is commented out in the video...

Am I missing something?


Uncommented and removed head :forbidden unless current_user.admin? as I do not have an admin role set up.