Skip to content

Customizing token error response

Logan Donovan edited this page Nov 19, 2018 · 3 revisions

Token error response customization

  1. Create custom_token_error_response.rb file under lib folder. Remember to add lib directory to Rails eager_loading (autoloading) paths. Then override body method of doorkeeper oauth error module.
# lib/custom_token_error_response.rb
module CustomTokenErrorResponse
  def body
    {
      status_code: 401,
      message: I18n.t('devise.failure.invalid', authentication_keys: User.authentication_keys.join('/')),
      result: []
    }
    # or merge with existing values by
    # super.merge({key: value})
  end
end
  1. Prepend this module in doorkeeper ErrorResponse module in doorkeepr.rb initializer file. (check last line in below code)
# config/initializer/doorkeeper.rb
Doorkeeper.configure do
  ...

  # In this flow, a token is requested in exchange for the resource owner credentials (username and password)
  resource_owner_from_credentials do |routes|
    user = User.find_for_database_authentication(:username => params[:username])
    if user && user.valid_for_authentication? { user.valid_password?(params[:password]) }
      user
    end
  end
  ...
  #
  # grant_flows %w(authorization_code client_credentials)
  grant_flows %w(password)

  # Under some circumstances you might want to have applications auto-approved,
  # so that the user skips the authorization step.
  # For example if dealing with a trusted application.
  # skip_authorization do |resource_owner, client|
  #   client.superapp? or resource_owner.admin?
  # end
  skip_authorization do
    true
  end
end

Doorkeeper::OAuth::ErrorResponse.send :prepend, CustomTokenErrorResponse
  1. Now restart your rails server and you are done.

External links:

Clone this wiki locally