grape_oauth2

Use of this gem with Client Credentials flow

Open • periflo opened this issue 6 years ago • 4 comments

We're using Grape with Grape::OAuth2 for a Rails project which provides an API that needs to be secured by the Client Credentials flow of OAuth2.

We've been following the configuration guidelines and the 'lazy' usage example stated in the README, but we have a question regarding the resource_owner_class_name. As we are using Client Credentials we don't need a resource owner, but the documentation states that all three models must exist. We don't know if we could abstain from creating that model or if we should do something else.

We didn't include the resource owner parts in our migrations either.

Thanks for your time.

periflo, Oct 23 '19 07:10

Hi @periflo90. First of all, I need to know if you are using the gem's existing mixins (ActiveRecord / Sequel, Mongoid?). If yes, then as far as I remember the AccessToken and AccessGrant mixins have associations on resource_owner_class_name, so it must be present.

But you can just implement your own classes for tokens and just ignore resource_owner_class_name as it would be called only in corresponding OAuth flow.

nbulaj, Oct 24 '19 15:10

Hello @nbulaj, thanks for your reply.

Yes, we are using ActiveRecord mixins.

periflo, Oct 25 '19 06:10

Then I can recommend to "copy" the behavior of these mixins but without the association to the resource owner if you don't need it.

nbulaj, Oct 29 '19 14:10
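
An added sketch of the suggestion above (not part of the thread and not the gem's own code): a token class bound to the client alone, with no resource owner association. The class name, method names, in-memory store and TTL are assumptions for illustration; a real version would be an ActiveRecord model matching the interface the gem expects from a custom token class.

```ruby
require 'securerandom'

# Hypothetical client-only token model. A plain in-memory store stands in for
# the ActiveRecord table so the sketch runs without Rails or the gem.
class ClientOnlyAccessToken
  STORE = {}            # token string => instance (stand-in for a DB table)
  DEFAULT_TTL = 7200    # seconds; assumed lifetime, not a value from the gem

  attr_reader :token, :client, :scopes, :expires_at, :revoked_at

  # Issue a token bound to the client alone; there is no resource owner column.
  def self.create_for(client, scopes = nil, ttl: DEFAULT_TTL, now: Time.now)
    raise ArgumentError, 'client is required' if client.nil?
    record = new(client, scopes, now + ttl)
    STORE[record.token] = record
  end

  # Look up a presented token; expired or revoked tokens never authenticate.
  def self.authenticate(token, now: Time.now)
    record = STORE[token.to_s]
    return nil if record.nil? || record.expired?(now) || record.revoked?(now)
    record
  end

  def initialize(client, scopes, expires_at)
    @token = SecureRandom.hex(32) # 256 bits from the system CSPRNG
    @client = client
    @scopes = Array(scopes).join(' ')
    @expires_at = expires_at
    @revoked_at = nil
  end

  # Client Credentials has no end user, so this is always nil by design.
  def resource_owner
    nil
  end

  def expired?(now = Time.now)
    now >= expires_at
  end

  def revoked?(now = Time.now)
    !revoked_at.nil? && revoked_at <= now
  end

  def revoke!(at = Time.now)
    @revoked_at = at
  end
end
```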

Will do. Thank you very much!

periflo, Oct 31 '19 09:10