Yay! Finally I made it work. Still dunno why in tutorials all over the web it's much easier.
So, where the problem comes from: in my ApplicationController (root one, not the one that handles API) I had the following for CORS:
    before_filter :set_headers

    # Adds the CORS response headers to every action of this controller.
    def set_headers
      headers['Access-Control-Allow-Origin'] = 'http://0.0.0.0:9000'
      headers['Access-Control-Allow-Methods'] = 'GET, POST, PATCH, PUT, DELETE, OPTIONS, HEAD'
      headers['Access-Control-Allow-Headers'] = '*,X-Requested-With,Content-Type,If-Modified-Since,If-None-Match'
      headers['Access-Control-Max-Age'] = '86400'
    end
Digging into the problem, I've found that this function is not called when I call /oauth/token, but is called when I go to any other route outside of the API which is processed with ApplicationController.
Doorkeeper has its own controllers, independent from your app controller. The docs describe changing their behavior well (link), so here is what helped me:
routes.rb:
    # Route Doorkeeper's token endpoint to the custom controller below.
    use_doorkeeper do
      controllers tokens: 'custom_tokens'
    end
custom_tokens_controller.rb:
    class CustomTokensController < Doorkeeper::TokensController
      # Doorkeeper controllers are Metal-based, so callbacks must be mixed in.
      include AbstractController::Callbacks

      before_filter :set_headers

      # Adds the CORS response headers to the token endpoint.
      def set_headers
        puts 'headers set'
        headers['Access-Control-Allow-Origin'] = 'http://0.0.0.0:9000'
        headers['Access-Control-Allow-Methods'] = 'GET, POST, PATCH, PUT, DELETE, OPTIONS, HEAD'
        headers['Access-Control-Allow-Headers'] = '*,X-Requested-With,Content-Type,If-Modified-Since,If-None-Match'
        headers['Access-Control-Max-Age'] = '86400'
      end
    end
The important thing is to include Callbacks into the controller, as Doorkeeper controllers are inherited from Metal, so without the inclusion Rails can't find before_filter.
It looks good now: it authenticates my user/password pair and returns an access_token (I hope it works :D ). If something is wrong, a redirect should come now. This is a problem which I know the solution to (custom warden failure), so everything is OK now. Huh! It was long... If anyone knows why internet-based recipes didn't help, please post your thoughts =)
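
Added example, not part of the original answer or of Doorkeeper: because the token endpoint is served by controllers that never run ApplicationController filters, the same headers can instead be set one layer down, in a Rack middleware that covers every /oauth/ route and answers the preflight itself. The names TokenCors, ALLOWED_ORIGINS, ALLOWED_METHODS and ALLOWED_HEADERS and the reduced method and header lists are assumptions; the origin is the one used in the answer.

```ruby
require 'set'

# Hypothetical Rack middleware (added example): CORS for the OAuth routes only.
class TokenCors
  # Constructed allow-list; compare exactly, never echo an arbitrary Origin.
  ALLOWED_ORIGINS = Set['http://0.0.0.0:9000'].freeze
  ALLOWED_METHODS = 'POST, OPTIONS'
  ALLOWED_HEADERS = 'X-Requested-With, Content-Type, Authorization'

  def initialize(app, path_prefix: '/oauth/')
    @app = app
    @path_prefix = path_prefix
  end

  def call(env)
    origin = env['HTTP_ORIGIN']
    in_scope = env['PATH_INFO'].to_s.start_with?(@path_prefix)
    # Out of scope or unlisted origin: pass through with no CORS headers,
    # so the browser refuses to expose the response to that page.
    return @app.call(env) unless in_scope && ALLOWED_ORIGINS.include?(origin)

    # Answer the preflight here; it never reaches the token controller.
    return [204, cors_headers(origin).merge('Access-Control-Max-Age' => '86400'), []] if preflight?(env)

    status, headers, body = @app.call(env)
    merged = headers.merge(cors_headers(origin))
    # Preserve any Vary value the application already set.
    merged['Vary'] = [headers['Vary'], 'Origin'].compact.join(', ')
    [status, merged, body]
  end

  private

  def preflight?(env)
    env['REQUEST_METHOD'] == 'OPTIONS' &&
      env.key?('HTTP_ACCESS_CONTROL_REQUEST_METHOD')
  end

  def cors_headers(origin)
    {
      'Access-Control-Allow-Origin' => origin,
      'Access-Control-Allow-Methods' => ALLOWED_METHODS,
      'Access-Control-Allow-Headers' => ALLOWED_HEADERS,
      'Vary' => 'Origin' # keeps caches from reusing a response across origins
    }
  end
end
```

In a Rails app this would be registered with config.middleware.insert_before 0, TokenCors so it runs ahead of routing.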