Hi,
I plan the following architecture for a small application:
Oauth provider and API backend are the same Rails application. I'm desperate and looking for days to find a secure solution how to implement it. I read about how to not store tokens (refresh tokens) on browsers local and session storage. I also read about HttpOnly cookies etc. I have also read about SPA + API apps and that Authorization Code Flows are more secure then Implicit flows.
Suggestions are very appreciated!
Hi @matthewford . Actually you can use Stack Overflow to ask such questions. GitHub issues tracker we use to add issues and, possibly, feature requests.
Hi @nbulaj! Thank you for the reply. I have found all answers to my questions by myself. But now I'm confused with the config api_only.
How can I do a redirect of /oauth/authorize actions if doorkeeper is configured as api_only? I want to code views by my own SPA app with login form and authorize app question form. api_only renders always a JSON as response.
How solves other developer this scenario? I cannot find nothing about that in other issues and wiki pages.
There does seem to be a lack of documentation on how to properly implement doorkeeper in api_only mode with a detached frontend.
@phlegx I have the same questions as you except I have a React frontend! Can you please the answers to your questions when you get the chance?
Is this solved? how was your implementation with api_only?
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
@veeral-patel @errawn have you found a solution?
Most helpful comment
Hi @nbulaj! Thank you for the reply. I have found all answers to my questions by myself. But now I'm confused with the config
api_only.How can I do a redirect of
/oauth/authorizeactions if doorkeeper is configured asapi_only? I want to code views by my own SPA app with login form and authorize app question form.api_onlyrenders always a JSON as response.How solves other developer this scenario? I cannot find nothing about that in other issues and wiki pages.