// the find
doorkeeper-gem/doorkeeper
Doorkeeper is an OAuth 2 provider for Ruby on Rails / Grape.
Doorkeeper is a Rails engine that turns your app into an OAuth 2.0 authorization server — handling auth codes, tokens, scopes, PKCE, token introspection, and revocation. It's the go-to choice when you need to issue tokens to third-party clients from a Rails app, not when you need to consume OAuth from a provider like GitHub or Google.
Full RFC compliance across the core RFC 6749 grant types plus PKCE (RFC 7636), token introspection (RFC 7662), and revocation (RFC 7009) — this isn't a partial implementation. The ORM abstraction is genuinely useful: swap ActiveRecord for Mongoid or Sequel through the doorkeeper-mongodb and doorkeeper-sequel adapters without touching application code. Secret storage is configurable rather than plaintext-only: access tokens can be stored as SHA-256 digests (hash_token_secrets), client secrets as SHA-256 or bcrypt hashes (hash_application_secrets), and both accept a plaintext fallback so an existing table can be migrated without invalidating every token. One caveat practitioners should know: bcrypt is offered only for application secrets. A bearer token has to be looked up by its value, and a salted bcrypt hash can't be found by equality, so tokens get SHA-256 and nothing slower. The extension ecosystem (OpenID Connect, JWT tokens, device flow) is first-party maintained under the doorkeeper-gem org, not random community forks.
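To make the token-hashing tradeoff concrete, here is an added example (not Doorkeeper's own code) that models what hash_token_secrets with the SHA-256 strategy does to the access-token table, and how a plaintext fallback lets rows issued before hashing was enabled keep working. The TokenStore class, its method names and the in-memory "table" are illustrative assumptions; the digest itself matches Doorkeeper's Sha256Hash strategy (Digest::SHA256.hexdigest). Rewriting a legacy row to its digest once found is this example's choice, not a claim about Doorkeeper's behaviour.

```ruby
require "securerandom"
require "digest"

# Added example, not Doorkeeper's code. Stands in for the oauth_access_tokens
# table and shows why a token secret can be stored as a SHA-256 digest (it can
# still be found by equality) but not as a salted bcrypt hash (it cannot).
# Names here are assumptions for illustration.
class TokenStore
  Row = Struct.new(:token, :resource_owner_id, :scopes, :expires_at)

  def initialize(hash_secrets:)
    @hash_secrets = hash_secrets
    @rows = [] # the "table"
  end

  # Issue a token. The plaintext goes back to the client exactly once; with
  # hashing on, only its digest is written to the table.
  def issue(resource_owner_id:, scopes:, ttl: 7200)
    plaintext = SecureRandom.urlsafe_base64(32)
    stored = @hash_secrets ? digest(plaintext) : plaintext
    @rows << Row.new(stored, resource_owner_id, scopes, Time.now + ttl)
    plaintext
  end

  # Resolve a presented bearer token by hashing it and searching by equality.
  # This only works because SHA-256 is deterministic; a bcrypt hash carries a
  # random salt, so the only way to find it would be to verify every row. That
  # is why bcrypt is fine for client secrets (found by client_id, then checked)
  # but not for tokens.
  #
  # fallback_plain mirrors a plaintext fallback: if no digest matches, try the
  # raw value, and (this example's choice) rewrite the legacy row as a digest.
  def find_by_token(plaintext, fallback_plain: false)
    row = @rows.find { |r| r.token == digest(plaintext) }
    if row.nil? && fallback_plain
      row = @rows.find { |r| r.token == plaintext }
      row.token = digest(plaintext) if row
    end
    row
  end

  def active?(row)
    !row.nil? && row.expires_at > Time.now
  end

  # What someone who dumps the table actually gets.
  def stored_values
    @rows.map(&:token)
  end

  private

  def digest(plaintext)
    Digest::SHA256.hexdigest(plaintext)
  end
end

if __FILE__ == $PROGRAM_NAME
  store = TokenStore.new(hash_secrets: true)
  token = store.issue(resource_owner_id: 42, scopes: "read")
  puts "handed to client: #{token}"
  puts "stored in table:  #{store.stored_values.first}"
  puts "lookup works:     #{store.active?(store.find_by_token(token))}"
end
```

Run it and compare the two printed values: the table row is useless as a bearer credential on its own, yet the legitimate holder is still resolved in one indexed lookup. The same shape is why a database leak of a hashed-token deployment is far less severe than one of a plaintext deployment.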
No built-in support for DPoP (RFC 9449) or Pushed Authorization Requests (RFC 9126), which are increasingly expected in modern OAuth deployments and have to be bolted on manually. The default views are functional but bare — any production app will need a custom authorization UI, which means copying the engine's views out (rails g doorkeeper:views) and keeping those copies in step with upgrades. The ROPC (password) grant is still supported. It is not on by default (grant_flows defaults to authorization_code and client_credentials), but enabling it is a one-line change, and teams that flip it on without understanding that the grant is deprecated in OAuth 2.1 will build flows they'll regret. Cleanup of expired and revoked records is not automatic: nothing runs the doorkeeper:db:cleanup rake task for you, so unless it is scheduled as a cron or background job the tables quietly accumulate stale rows.