So, even before it makes it to the database, we get "You need to sign in or
sign up before continuing."
So, we do get a message right there.
So we can actually look at the response, so
as you can see it's 401, not authorized or unauthorized.
So basically right now you can only do a read, but
you will not be able to post or make any kind of changes.
Now the other important thing to remember is we did get a 401 which is great, but
there was no redirect, there was no kind of forwarding that happened by default.
This is because Devise has a configuration
of content type that will get redirected and the rest will get denied.
So at this point, we have Devise protecting both our HTML pages and
all API actions.
And one way to get around this is to supply our credentials to the web
services, which can be a very tedious process, so this is where OAuth2, or
our OAuth framework would really be easy to get the request going in with tokens.
And that's exactly what we'll do next with Doorkeeper.
Okay, now that you've got Devise working and protecting our page,
let's look into Doorkeeper.
Now, Doorkeeper is an OAuth2 provider for Rails, and it's built on top of
Rails engine, that makes it nice and easy to integrate with a Rails application.
And also, you know, so far it supports all the protocol flows.
If you look up the OAuth2 specs, there are half a dozen different flows,
like authorization code flow, and there is implicit grant, refresh token,
access token, scope, and there's client credentials, and so on.
So you can look up the OAuth2 spec,
obviously it's beyond the scope of this course, but
Doorkeeper does a pretty good job at supporting all of these different flows.
So there's a couple of gems that you need to add to our Gemfile, three actually.
And once you add this gem, just stop the server.
Let's do a bundle one more time to get all these gems installed.
Well the next thing we need to do,
is we need to install Doorkeeper into the application by our rails g command.
This will add a few lines to the application, and
also it adds a single line to the routes file, very important,
which produces the following URI in config/routes.rb: use_doorkeeper.
The next important step for us is to do the database configuration.
We need to configure the ORM and prepare the database.
And in this case we are changing from Active Record to Mongoid,
hence this line is commented and we have the ORM set to Mongoid.
Also if you recall from some of the Mongoid discussion,
since we are using Mongoid, we just need to install the indexes.
There is no need for an Active Record migration here.