2014-01-24

I want to build a backend API with rails-api. In addition, like StackMob, I want to build my API based on OAuth. Thus I think I should use doorkeeper too.

However, I am not sure how to write the user signup, login and logout parts.

First of all, in rails-api, there is no session, thus I cannot store the logged-in user_id in Rails' session dictionary.

I guess I should do it like this: when a user tries to log in, I first check the database to fetch that user, then generate an access_token using doorkeeper. Then I return the access_token to the client. Afterwards, when the user tries to get some resources, I use doorkeeper's authentication (i.e. OAuth) to check authorization.

Is such a way appropriate? Could anyone provide any advice?

BTW, I tried to use devise for user logging in and out, but it turns out that devise is not suitable for an API app, at least I cannot handle it. Any help about Devise is also welcome!
