Question 1

How to install Doorkeeper in a Rails 7 application?

Accepted Answer

Add 'gem 'doorkeeper'' to your Gemfile, run bundle install, and use the Rails generator as per the getting started guide. It sets up initial migrations and configuration files automatically.

Question 2

Doorkeeper vs Devise: which is better for OAuth in Rails?

Accepted Answer

Doorkeeper is focused on OAuth 2.0 provider functionality for APIs, while Devise handles user authentication with optional OAuth client support. Use Doorkeeper if you need to build a full authorization server for third-party apps.

Question 3

Can Doorkeeper handle OpenID Connect out of the box?

Accepted Answer

No, OpenID Connect requires installing the separate doorkeeper-openid_connect extension gem. This adds identity layer capabilities on top of the core OAuth 2.0 features.

Question 4

How to use Doorkeeper with a MongoDB database instead of ActiveRecord?

Accepted Answer

Install the doorkeeper-mongodb extension gem, configure Doorkeeper to use MongoDB adapters, and follow the extension's documentation for setup. It replaces the default Active Record integration.

Question 5

What are common security pitfalls with Doorkeeper?

Accepted Answer

Ensure PKCE is enabled for public clients, use secure token storage, and regularly update the gem for patches. The README references OAuth 2.0 threat models to guide best practices.

Question 6

How to revoke access tokens in Doorkeeper?

Accepted Answer

Doorkeeper supports token revocation via RFC 7009. Implement the revocation endpoint in your routes and use the provided methods to invalidate tokens based on client or user requests.

doorkeeper

What is doorkeeper?

Overview

Use Cases

Best For

Related Projects

Found a gem we're missing?

Not Ideal For

Pros & Cons

Pros

Cons

Frequently Asked Questions