[openstreetmap/openstreetmap-website] oauth_filter intercepts OAuth2.0 endpoints meant for Doorkeeper (#3245)

mmd notifications at github.com
Fri Jul 2 10:58:29 UTC 2021


(Originally posted in #2145)

Now with OAuth 2.0 in production, I wanted to revisit the [token introspection](https://datatracker.ietf.org/doc/html/rfc7662) topic, which is handled by the `/oauth2/introspect` endpoint.

While the Doorkeeper config supports this endpoint, it seems the `oauth_filter` gem is intercepting the call. It redirects it to the [Oauth2Token model](https://github.com/openstreetmap/openstreetmap-website/blob/master/app/models/oauth2_token.rb), which is not related to Doorkeeper, and then fails with a 415 Unsupported Media Type error.

I'm not at all familiar with any oauth_filter details. All I could find was the query below over at: https://github.com/pelle/oauth-plugin/blob/master/lib/oauth/rack/oauth_filter.rb#L27

Does it still make sense to have this code in place for OAuth2.0, now that we're using Doorkeeper?

```
Started POST "/oauth2/introspect" for ::1 at 2021-07-02 12:12:20 +0200
  Oauth2Token Load (0.9ms)  SELECT "oauth_tokens".* FROM "oauth_tokens" WHERE "oauth_tokens"."type" = $1 AND (invalidated_at IS NULL and authorized_at IS NOT NULL and token = 'xyz') ORDER BY "oauth_tokens"."id" ASC LIMIT $2  [["type", "Oauth2Token"], ["LIMIT", 1]]
  ↳ config/initializers/compressed_requests.rb:27:in `call'
Processing by Doorkeeper::TokensController#introspect as JSON
  Parameters: {"token"=>"xyz"}
Filter chain halted as :enforce_content_type rendered or redirected
Completed 415 Unsupported Media Type in 0ms (Views: 0.1ms | ActiveRecord: 0.0ms | Allocations: 87)
```


-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/openstreetmap/openstreetmap-website/issues/3245
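
Added example, not part of the original message and not code from oauth-plugin, Doorkeeper or openstreetmap-website: a minimal Rack-style sketch of a global token filter that looks up every bearer token it sees, and a wrapper that lets `/oauth2` endpoints bypass it. The class names, the sample paths and the assumption that the token arrives in an `Authorization: Bearer` header are all hypothetical.

```ruby
# Constructed stand-in for a legacy token filter (hypothetical): it records a
# lookup for any bearer token on any request, like the SQL query in the log.
class LegacyTokenFilter
  attr_reader :lookups

  def initialize(app)
    @app = app
    @lookups = []
  end

  def call(env)
    token = env["HTTP_AUTHORIZATION"].to_s[/\ABearer (\S+)\z/, 1]
    @lookups << [env["PATH_INFO"], token] if token # stands in for the DB query
    @app.call(env)
  end
end

# Hypothetical wrapper: requests under the given prefixes skip the filter and
# go straight to the app; everything else still passes through the filter.
class SkipPaths
  def initialize(app, filtered, prefixes)
    @app = app
    @filtered = filtered
    @prefixes = prefixes
  end

  def call(env)
    path = env["PATH_INFO"].to_s
    # Match on whole path segments so "/oauth2x" is not treated as "/oauth2".
    bypass = @prefixes.any? { |p| path == p || path.start_with?("#{p}/") }
    (bypass ? @app : @filtered).call(env)
  end
end

APP = ->(env) { [200, { "content-type" => "text/plain" }, [env["PATH_INFO"]]] }

# Sends three constructed requests carrying the same bearer token and returns
# the response statuses plus the lookups the legacy filter performed.
def demo
  filter = LegacyTokenFilter.new(APP)
  stack = SkipPaths.new(APP, filter, ["/oauth2"])
  auth = { "HTTP_AUTHORIZATION" => "Bearer xyz" }
  paths = ["/oauth2/introspect", "/api/example", "/oauth2x"]
  statuses = paths.map { |path| stack.call(auth.merge("PATH_INFO" => path)).first }
  [statuses, filter.lookups]
end
```
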