Doorkeeper: Store extra info in Access Token

Created on 11 Jul 2016  路  6Comments  路  Source: doorkeeper-gem/doorkeeper

We are using Doorkeeper for our Oauth implementation and use Oauth for our mobile apps. These mobile apps create an access token. We would like to store extra information in the access tokens table in order to present more information for the end user when revoking tokens. We'd like to store a User-Agent string and ip address to inform the end user about the mobile phone he is about to unlink.

We've added the required columns to the database, but have difficulty with adding the information to the access token. We tried the following:

  1. Create a after_action callback in the TokensController and update the access token with the information from the request. Because the TokensController has no access to the controller callbacks this doesn't work.
  2. Monkeypatch a after_successful_response methode in the AuthorizationCodeRequest class to update the token. This doesn't work because there is no access to the plain request information in these methods.
def after_successful_response
   access_token.update!(
      user_agent: request.user_agent,
      ip: request.ip
   )
end

Both methods feel hacky and I'd prefer a nicer solution. Is there a way to add this information that I'm missing here? Is this a feature we can contribute to Doorkeeper? Any tips on the best approach on how to get access to the request in lower level Doorkeeper classes?

questiodiscussion

Most helpful comment

@edwinv you can try to create a Concern with your custom logic and include it in Doorkeeper::AccessToken class in Doorkeeper initializer (_config/initializers/doorkeeper.rb_), something like this:

# app/models/concerns/custom_access_token_data.rb
module CustomAccessTokenData
  extend ActiveSupport::Concern

  included do
    before_create :set_user_agent

    private

    def set_user_agent
      user_agent = 'Mozilla/5.0 (Linux; U; en-us) '
    end
  end
end
# config/initializers/doorkeeper.rb
Doorkeeper.configure do
  ...
end

Doorkeeper::AccessToken.send :include, CustomAccessTokenData

Or do class_eval with Doorkeeper::AccessToken, but the way above is preferable I think.

All 6 comments

Any update on my question?

Sorry I don't have the time to help you with your question yet. Have you tried asking in https://stackoverflow.com/questions/tagged/doorkeeper? You will get attention from more people than in this issue tracker.

Thank you!

@edwinv I've never done this, not sure how I'd tackle it. What would be a simple API addition or change in doorkeeper that allows you to comfortably add the feature you need? We can work together through it. Thanks!

@edwinv you can try to create a Concern with your custom logic and include it in Doorkeeper::AccessToken class in Doorkeeper initializer (_config/initializers/doorkeeper.rb_), something like this:

# app/models/concerns/custom_access_token_data.rb
module CustomAccessTokenData
  extend ActiveSupport::Concern

  included do
    before_create :set_user_agent

    private

    def set_user_agent
      user_agent = 'Mozilla/5.0 (Linux; U; en-us) '
    end
  end
end
# config/initializers/doorkeeper.rb
Doorkeeper.configure do
  ...
end

Doorkeeper::AccessToken.send :include, CustomAccessTokenData

Or do class_eval with Doorkeeper::AccessToken, but the way above is preferable I think.

So, @edwinv, did it solve your problem?

I'm currently not working on this feature in our app, therefore I can't test if your suggestion works. I'll close my issue for now, if we need anything more we will give a heads up. Thanks!

Was this page helpful?
0 / 5 - 0 ratings