13 September 2020
In the previous section, we talked about integrating the doorkeeper gem for the bookmarker application, and also we documented api/v1/oauth/token with swagger. Doorkeeper gem also provides api/v1/oauth/token/info to get token information. You can check available oauth routes by running bundle exec rake routes command. This week we will document api/v1/oauth/token/info endpoint by using swagger.
api/v1/token/info endpoint basically gives us the necessary information about the provided token. The client-side developers use this endpoint to check the existing token’s validity and scope. (We don’t have any scope yet!)
Let’s say if we have an existing token that is ffxcdW1ktS59jbqWnRkfZRc6Vr9N16PyCQYKcNq-Su0 we can use it as following request to get the token information.
curl -H "Authorization: Bearer ffxcdW1ktS59jbqWnRkfZRc6Vr9N16PyCQYKcNq-Su0" \
localhost:3000/api/v1/oauth/token/infoBasically, it’s a GET request with token specified in the header. The response should look as demonstrated below.
{
"resource_owner_id": 1,
"scope": [],
"expires_in": 7147,
"application": {
"uid": null
},
"created_at": 1599829828
}resource_owner_id: ID of the resource owner, in our example, it’s a user ID.scope: We don’t have any scope yet, but we will have in the future to differentiate premium and free users for the bookmarker application.expires_in: Tells us after how many seconds this token will expire. By default, doorkeeper expires token in 2 hours. (You can change this in doorkeeper initializer.)application: We also don’t have any application but let’s say if we provide an API to external clients, then we could have identified them from their application uid.created_at: Timestamp value of the token’s creation.Let’s document the endpoint by editing app/controllers/swagger/controllers/oauth_token_controller.rb file.
# frozen_string_literal: true
class Swagger::Controllers::OauthTokenController
include Swagger::Blocks
# ...
swagger_path '/oauth/token/info' do
operation :get do
key :description, 'Show details about the token used for authentication'
key :tags, [
'oauth'
]
parameter do
key :name, :Authorization
key :in, :header
key :required, true
schema do
key :type, :string
end
end
response 200 do
key :description, 'Details about the specified token'
schema do
key :'$ref', :OauthTokenInfo
end
end
response 401 do
key :description, 'Unauthorized'
schema do
key :'$ref', :Unauthorized
end
end
end
end
endWe have defined the 200 response with OauthTokenInfo and Unauthorized classes in case of invalid token that we will create now.
# frozen_string_literal: true
module Swagger::Models::OauthTokenInfo
include Swagger::Blocks
swagger_schema :OauthTokenInfo do
key :type, :object
key :required, %i[resource_owner_id scope expires_in created_at]
property :resource_owner_id do
key :type, :integer
key :format, :int64
end
property :scope do
key :type, :array
items do
key :type, :string
end
end
property :expires_in do
key :type, :integer
end
property :created_at do
key :type, :integer
key :format, :int64
end
end
endWe will also define Unauthorized class inside of the app/controllers/swagger/models folder. You can test it with a non-existing token to see the structure of the response.
# frozen_string_literal: true
module Swagger::Models::Unauthorized
include Swagger::Blocks
swagger_schema :Unauthorized do
key :type, :object
property :error do
key :type, :string
end
property :error_description do
key :type, :string
end
property :state do
key :type, :string
end
end
endIf you enter to the http://localhost:3000/swagger, you should see the documentation of api/v1/oauth/token/info endpoint in the oauth section.
We explained how we document api/v1/oauth/token/info endpoint by using swagger. You can find the source code of bookmarker application on github. You can also find the previous chapter here. From this chapter on, I would like to keep chapters as small as possible to make it easy to consume for readers. (Maybe it’s better to call them sections or modules instead of chapters.)
Thank you for reading! If you want to be notified when I publish a new chapter, you can follow me on twitter.