Extra Info in AccessToken about doorkeeper HOT 4 CLOSED

I think you're talking about OmniAuth, aren't you?

Actually, Facebook does not deliver extra information when you request the access token, this information is retrieved by another request that is made after you have the token. This is the same for all OAuth2 providers.

For example in omniauth-facebook strategy, the extra info you mention is retrieved by a request to https://graph.facebook.com/me:

# https://github.com/mkdynamic/omniauth-facebook/blob/master/lib/omniauth/strategies/facebook.rb
module OmniAuth
  module Strategies
    class Facebook < OmniAuth::Strategies::OAuth2

      # ...
      info do
        prune!({
          'nickname' => raw_info['username'],
          'email' => raw_info['email'],
          'name' => raw_info['name'],
          # ...
        })
      end

     # raw_info hash is another request to /me
      def raw_info
        @raw_info ||= access_token.get('/me').parsed
      end

Same for omniauth-twitter: https://github.com/arunagw/omniauth-twitter/blob/master/lib/omniauth/strategies/twitter.rb

So the extra hash is part of your API, not of doorkeeper.

from doorkeeper.

I'll try to find it again, but I explicitly remember couple months ago, the first hash that get's transmitted with a positive authorization contained that data, without an extra API call.

from doorkeeper.

Ok, now I know why that is. I used a weird version of fb_graph and I had to dig in and fork it and I thought its extra hash was served by facebook directly instead of the extra API call. Thank you for your prompt response, you guys are doing a tremendous job with this. If there is any work to be, let me know, I'll try to help as much as possible

from doorkeeper.

Cool! I also wrote a page in the wiki related to this OmniAuth issue.

https://github.com/applicake/doorkeeper/wiki/Create-a-OmniAuth-strategy-for-your-provider

Any feedback is appreciated.

from doorkeeper.