Using Resource Owner Password Credentials flow

cantino edited this page Nov 7, 2012 · 23 revisions

In this flow, a token is requested in exchange for the resource owner credentials (username and password):

Configuration

To use this flow you first have to tell doorkeeper how to authenticate the resource owner with username/password:

Doorkeeper.configure do
  # The block is evaluated in the controller context, so the request params
  # (username/password from the token request) are available as `params`.
  resource_owner_from_credentials do |routes|
    User.authenticate!(params[:username], params[:password])
  end
end

This is basically everything you need to do.

Newer versions of Devise don't provide authenticate! anymore, but you can use something like the following:

Doorkeeper.configure do
  resource_owner_from_credentials do |routes|
    # Look the user up by e-mail and only return it when the password checks out;
    # returning nil makes doorkeeper answer with an invalid_grant error.
    u = User.find_for_database_authentication(:email => params[:username])
    u if u && u.valid_password?(params[:password])
  end
end

Testing

For testing you can use the oauth2 ruby gem:

require 'oauth2'

client = OAuth2::Client.new('the_client_id', 'the_client_secret', :site => "http://example.com")
access_token = client.password.get_token('user@example.com', 'sekret')
puts access_token.token

That will make a POST request to the OAuth provider's /oauth/token endpoint, with the params:

{
  "grant_type"    : "password",
  "username"      : "user@example.com",
  "password"      : "sekret",
  "client_id"     : "the_client_id",
  "client_secret" : "the_client_secret"
}

Then, you'll receive the access token back in the response:

{
  "access_token": "1f0af717251950dbd4d73154fdf0a474a5c5119adad999683f5b450c460726aa",
  "token_type": "bearer",
  "expires_in": 7200
}
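To tie the configuration section and the request/response exchange above together, here is an added, self-contained model of the password-grant token endpoint. It is example code written for this page, not doorkeeper's own implementation: it assumes a constructed in-memory user store (one user, `user@example.com` / `sekret`, hashed with PBKDF2 from the Ruby standard library instead of Devise's bcrypt) and a constructed client registry (`the_client_id` / `the_client_secret`), and it returns the same JSON shapes shown above plus the RFC 6749 error codes doorkeeper uses when a step fails.

```ruby
# Added example for this page (not doorkeeper's code). Models POST /oauth/token
# for grant_type=password with a constructed in-memory user and client store.
require 'json'
require 'openssl'
require 'securerandom'

PBKDF2_ITERATIONS = 100_000

# Password hashing stand-in for Devise's bcrypt (stdlib only, so it runs offline).
def hash_password(password, salt)
  OpenSSL::KDF.pbkdf2_hmac(password, salt: salt, iterations: PBKDF2_ITERATIONS,
                           length: 32, hash: 'sha256')
end

# Constructed sample data: one resource owner and one registered client.
SALT = SecureRandom.random_bytes(16)
USERS = {
  'user@example.com' => { salt: SALT, digest: hash_password('sekret', SALT) }
}.freeze
CLIENTS = { 'the_client_id' => 'the_client_secret' }.freeze

# Constant-time comparison so response timing does not leak how many bytes matched.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Stand-in for the resource_owner_from_credentials block: returns the user
# record on success, nil otherwise. An unknown username still runs the hash
# against a dummy digest so unknown-user and wrong-password take the same time,
# which keeps the endpoint from being used to enumerate accounts.
def resource_owner_from_credentials(username, password)
  record = USERS[username] || { salt: SALT, digest: "\0" * 32 }
  return nil unless secure_compare(hash_password(password, record[:salt]), record[:digest])
  USERS[username]
end

# Client authentication: client_id must be registered and the secret must match.
def authenticate_client(client_id, client_secret)
  expected = CLIENTS[client_id] || ''
  secure_compare(client_secret.to_s, expected) && CLIENTS.key?(client_id)
end

# Handles the token request params and returns [http_status, body_hash],
# shaped like the response on this page (error codes per RFC 6749 section 5.2).
def token_endpoint(params)
  return [400, { 'error' => 'unsupported_grant_type' }] unless params['grant_type'] == 'password'
  unless authenticate_client(params['client_id'], params['client_secret'])
    return [401, { 'error' => 'invalid_client' }]
  end
  unless resource_owner_from_credentials(params['username'].to_s, params['password'].to_s)
    return [400, { 'error' => 'invalid_grant' }]
  end
  # 32 random bytes as hex gives the 64-character token format shown above.
  [200, { 'access_token' => SecureRandom.hex(32), 'token_type' => 'bearer', 'expires_in' => 7200 }]
end

if __FILE__ == $PROGRAM_NAME
  # The same params the oauth2 gem sends in the Testing section above.
  request = {
    'grant_type' => 'password', 'username' => 'user@example.com', 'password' => 'sekret',
    'client_id' => 'the_client_id', 'client_secret' => 'the_client_secret'
  }
  status, body = token_endpoint(request)
  puts "HTTP #{status}"
  puts JSON.pretty_generate(body)
end
```

Running the file prints an HTTP 200 with a fresh access_token, bearer token_type and expires_in of 7200; sending a wrong password or an unknown username both yield the same invalid_grant error, and a bad client secret yields invalid_client before the user's password is ever checked.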
