*** Exception NoMethodError in Rack application object (undefined method `options' for nil:NilClass) #66

Open
soonya opened this issue Sep 28, 2016 · 38 comments


soonya commented Sep 28, 2016

Application uses
rails-4.2
grape (0.17.0)
doorkeeper (2.1.4)
wine_bouncer (1.0.1)
grape (0.17.0)
devise (4.2.0)
omniauth (1.3.1)
warden (1.2.6)
ruby 2.3.1p112 (2016-04-26 revision 54768) [x86_64-linux]
4.4.0-38-generic #57-Ubuntu SMP Tue Sep 6 15:42:33 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux

I am getting this exception below while trying to sign_in with https://hostname/users/sign_in

```
App 15836 stderr: I, [2016-09-28T15:39:16.856433 #15924] INFO -- : Started GET "/users/sign_in" for 127.0.0.1 at 2016-09-28 15:39:16 +0530
App 15836 stderr:
App 15836 stderr: NoMethodError: undefined method `options' for nil:NilClass
App 15836 stderr: from /home/soonya/.rvm/gems/[email protected]/gems/wine_bouncer-1.0.1/lib/wine_bouncer/auth_strategies/default.rb:23:in `endpoint_authorizations'
App 15836 stderr: from /home/soonya/.rvm/gems/[email protected]/gems/wine_bouncer-1.0.1/lib/wine_bouncer/auth_strategies/default.rb:7:in `endpoint_protected?'
App 15836 stderr: from /home/soonya/.rvm/gems/[email protected]/gems/wine_bouncer-1.0.1/lib/wine_bouncer/oauth2.rb:46:in `endpoint_protected?'
App 15836 stderr: from /home/soonya/.rvm/gems/[email protected]/gems/wine_bouncer-1.0.1/lib/wine_bouncer/oauth2.rb:88:in `before'
App 15836 stderr: from /home/soonya/.rvm/gems/[email protected]/gems/grape-0.17.0/lib/grape/middleware/base.rb:28:in `call!'
App 15836 stderr: from /home/soonya/.rvm/gems/[email protected]/gems/grape-0.17.0/lib/grape/middleware/base.rb:23:in `call'
App 15836 stderr: from /home/soonya/.rvm/gems/[email protected]/gems/actionpack-4.2.1/lib/action_dispatch/routing/route_set.rb:74:in `dispatch'
App 15836 stderr: from /home/soonya/.rvm/gems/[email protected]/gems/actionpack-4.2.1/lib/action_dispatch/routing/route_set.rb:43:in `serve'
App 15836 stderr: from /home/soonya/.rvm/gems/[email protected]/gems/actionpack-4.2.1/lib/action_dispatch/routing/mapper.rb:49:in `serve'
App 15836 stderr: from /home/soonya/.rvm/gems/[email protected]/gems/actionpack-4.2.1/lib/action_dispatch/journey/router.rb:43:in `block in serve'
App 15836 stderr: from /home/soonya/.rvm/gems/[email protected]/gems/actionpack-4.2.1/lib/action_dispatch/journey/router.rb:30:in `each'
App 15836 stderr: from /home/soonya/.rvm/gems/[email protected]/gems/actionpack-4.2.1/lib/action_dispatch/journey/router.rb:30:in `serve'
App 15836 stderr: from /home/soonya/.rvm/gems/[email protected]/gems/actionpack-4.2.1/lib/action_dispatch/routing/route_set.rb:819:in `call'
App 15836 stderr: from /home/soonya/.rvm/gems/[email protected]/gems/omniauth-1.3.1/lib/omniauth/strategy.rb:186:in `call!'
App 15836 stderr: from /home/soonya/.rvm/gems/[email protected]/gems/omniauth-1.3.1/lib/omniauth/strategy.rb:164:in `call'
App 15836 stderr: from /home/soonya/.rvm/gems/[email protected]/gems/omniauth-1.3.1/lib/omniauth/strategy.rb:186:in `call!'
App 15836 stderr: from /home/soonya/.rvm/gems/[email protected]/gems/omniauth-1.3.1/lib/omniauth/strategy.rb:164:in `call'
App 15836 stderr: from /home/soonya/.rvm/gems/[email protected]/gems/omniauth-1.3.1/lib/omniauth/strategy.rb:186:in `call!'
App 15836 stderr: from /home/soonya/.rvm/gems/[email protected]/gems/omniauth-1.3.1/lib/omniauth/strategy.rb:164:in `call'
App 15836 stderr: from /home/soonya/.rvm/gems/[email protected]/gems/omniauth-1.3.1/lib/omniauth/strategy.rb:186:in `call!'
App 15836 stderr: from /home/soonya/.rvm/gems/[email protected]/gems/omniauth-1.3.1/lib/omniauth/strategy.rb:164:in `call'
App 15836 stderr: from /home/soonya/.rvm/gems/[email protected]/gems/omniauth-1.3.1/lib/omniauth/strategy.rb:186:in `call!'
App 15836 stderr: from /home/soonya/.rvm/gems/[email protected]/gems/omniauth-1.3.1/lib/omniauth/strategy.rb:164:in `call'
App 15836 stderr: from /home/soonya/.rvm/gems/[email protected]/gems/rack-1.6.4/lib/rack/config.rb:17:in `call'
App 15836 stderr: from /home/soonya/.rvm/gems/[email protected]/gems/rack-1.6.4/lib/rack/session/abstract/id.rb:225:in `context'
App 15836 stderr: from /home/soonya/.rvm/gems/[email protected]/gems/rack-1.6.4/lib/rack/session/abstract/id.rb:220:in `call'
App 15836 stderr: from /home/soonya/.rvm/gems/[email protected]/gems/actionpack-4.2.1/lib/action_dispatch/middleware/cookies.rb:560:in `call'
App 15836 stderr: from /home/soonya/.rvm/gems/[email protected]/gems/warden-1.2.6/lib/warden/manager.rb:35:in `block in call'
App 15836 stderr: from /home/soonya/.rvm/gems/[email protected]/gems/warden-1.2.6/lib/warden/manager.rb:34:in `catch'
App 15836 stderr: from /home/soonya/.rvm/gems/[email protected]/gems/warden-1.2.6/lib/warden/manager.rb:34:in `call'
App 15836 stderr: from /home/soonya/.rvm/gems/[email protected]/gems/rack-1.6.4/lib/rack/etag.rb:24:in `call'
App 15836 stderr: from /home/soonya/.rvm/gems/[email protected]/gems/rack-1.6.4/lib/rack/conditionalget.rb:25:in `call'
App 15836 stderr: from /home/soonya/.rvm/gems/[email protected]/gems/rack-1.6.4/lib/rack/head.rb:13:in `call'
App 15836 stderr: from /home/soonya/.rvm/gems/[email protected]/gems/actionpack-4.2.1/lib/action_dispatch/middleware/params_parser.rb:27:in `call'
App 15836 stderr: from /home/soonya/.rvm/gems/[email protected]/gems/actionpack-4.2.1/lib/action_dispatch/middleware/flash.rb:260:in `call'
App 15836 stderr: from /home/soonya/.rvm/gems/[email protected]/gems/rack-1.6.4/lib/rack/session/abstract/id.rb:225:in `context'
App 15836 stderr: from /home/soonya/.rvm/gems/[email protected]/gems/rack-1.6.4/lib/rack/session/abstract/id.rb:220:in `call'
App 15836 stderr: from /home/soonya/.rvm/gems/[email protected]/gems/actionpack-4.2.1/lib/action_dispatch/middleware/cookies.rb:560:in `call'
App 15836 stderr: from /home/soonya/.rvm/gems/[email protected]/gems/activerecord-4.2.1/lib/active_record/query_cache.rb:36:in `call'
App 15836 stderr: from /home/soonya/.rvm/gems/[email protected]/gems/activerecord-4.2.1/lib/active_record/connection_adapters/abstract/connection_pool.rb:649:in `call'
App 15836 stderr: from /home/soonya/.rvm/gems/[email protected]/gems/actionpack-4.2.1/lib/action_dispatch/middleware/callbacks.rb:29:in `block in call'
App 15836 stderr: from /home/soonya/.rvm/gems/[email protected]/gems/activesupport-4.2.1/lib/active_support/callbacks.rb:88:in `_run_callbacks'
App 15836 stderr: from /home/soonya/.rvm/gems/[email protected]/gems/activesupport-4.2.1/lib/active_support/callbacks.rb:776:in `_run_call_callbacks'
App 15836 stderr: from /home/soonya/.rvm/gems/[email protected]/gems/activesupport-4.2.1/lib/active_support/callbacks.rb:81:in `run_callbacks'
App 15836 stderr: from /home/soonya/.rvm/gems/[email protected]/gems/actionpack-4.2.1/lib/action_dispatch/middleware/callbacks.rb:27:in `call'
App 15836 stderr: from /home/soonya/.rvm/gems/[email protected]/gems/actionpack-4.2.1/lib/action_dispatch/middleware/remote_ip.rb:78:in `call'
App 15836 stderr: from /home/soonya/.rvm/gems/[email protected]/gems/actionpack-4.2.1/lib/action_dispatch/middleware/debug_exceptions.rb:17:in `call'
App 15836 stderr: from /home/soonya/.rvm/gems/[email protected]/gems/web-console-2.3.0/lib/web_console/middleware.rb:28:in `block in call'
App 15836 stderr: from /home/soonya/.rvm/gems/[email protected]/gems/web-console-2.3.0/lib/web_console/middleware.rb:18:in `catch'
App 15836 stderr: from /home/soonya/.rvm/gems/[email protected]/gems/web-console-2.3.0/lib/web_console/middleware.rb:18:in `call'
App 15836 stderr: from /home/soonya/.rvm/gems/[email protected]/gems/actionpack-4.2.1/lib/action_dispatch/middleware/show_exceptions.rb:30:in `call'
App 15836 stderr: from /home/soonya/.rvm/gems/[email protected]/gems/railties-4.2.1/lib/rails/rack/logger.rb:38:in `call_app'
App 15836 stderr: from /home/soonya/.rvm/gems/[email protected]/gems/railties-4.2.1/lib/rails/rack/logger.rb:22:in `call'
App 15836 stderr: from /home/soonya/.rvm/gems/[email protected]/gems/actionpack-4.2.1/lib/action_dispatch/middleware/request_id.rb:21:in `call'
App 15836 stderr: from /home/soonya/.rvm/gems/[email protected]/gems/rack-1.6.4/lib/rack/methodoverride.rb:22:in `call'
App 15836 stderr: from /home/soonya/.rvm/gems/[email protected]/gems/rack-1.6.4/lib/rack/runtime.rb:18:in `call'
App 15836 stderr: from /home/soonya/.rvm/gems/[email protected]/gems/rack-1.6.4/lib/rack/lock.rb:17:in `call'
App 15836 stderr: from /home/soonya/.rvm/gems/[email protected]/gems/actionpack-4.2.1/lib/action_dispatch/middleware/static.rb:113:in `call'
App 15836 stderr: from /home/soonya/.rvm/gems/[email protected]/gems/rack-1.6.4/lib/rack/sendfile.rb:113:in `call'
App 15836 stderr: from /home/soonya/.rvm/gems/[email protected]/gems/actionpack-4.2.1/lib/action_dispatch/middleware/ssl.rb:24:in `call'
App 15836 stderr: from /home/soonya/.rvm/gems/[email protected]/gems/railties-4.2.1/lib/rails/engine.rb:518:in `call'
App 15836 stderr: from /home/soonya/.rvm/gems/[email protected]/gems/railties-4.2.1/lib/rails/application.rb:164:in `call'
App 15836 stderr: from /usr/lib/ruby/vendor_ruby/phusion_passenger/rack/thread_handler_extension.rb:97:in `process_request'
App 15836 stderr: from /usr/lib/ruby/vendor_ruby/phusion_passenger/request_handler/thread_handler.rb:152:in `accept_and_process_next_request'
App 15836 stderr: from /usr/lib/ruby/vendor_ruby/phusion_passenger/request_handler/thread_handler.rb:113:in `main_loop'
App 15836 stderr: from /usr/lib/ruby/vendor_ruby/phusion_passenger/request_handler.rb:416:in `block (3 levels) in start_threads'
App 15836 stderr: from /usr/lib/ruby/vendor_ruby/phusion_passenger/utils.rb:113:in `block in create_thread_and_abort_on_exception'
```

Contributor

texpert commented Sep 28, 2016

Could you be more specific, please?!
How the sign_in is implemented (Rails or Grape controller)? What's the authentication workflow?

Author

soonya commented Sep 29, 2016

The authentication is via Devise::Sessions(derived class) controller#create while attempting the database authentication. If I disable wine_bouncer the endpoint is invoked. The route users/sign_in is provided by devise, the endpoint for the route is configured via 'devise_for: :users, controllers => {...}'

Author

soonya commented Sep 29, 2016

We are making use of oauth2 scopes for various routes. We need to allow db auth as well as users of oauth2 providers. The exception scenario above is for the database user case(app internally authenticated user). The authentication is performed by doorkeeper's configuration for resource_owner_from_credentials in the sign_in case I believe and resource_owner_authenticator for all other requests.

Author

soonya commented Sep 29, 2016

When wine_bouncer is enabled the login form provided by GET /users/sign_in does not get rendered. Similarly for POST /users/sign_in

Author

soonya commented Sep 29, 2016

the way I understand it, /users/sign_in does not have any oauth2 scope decoration, so ideally only warden's authenticate needs to get invoked am I right and then the endpoint for the route has to be invoked, am I correct ?

Contributor

texpert commented Sep 29, 2016

What auth_strategy is configured in your WineBouncer initializer?

Mine is :swagger (I am using grape-swagger with grape-swagger-rails for Swagger UI):

```ruby
WineBouncer.configure do |config|
  config.auth_strategy = :swagger

  config.define_resource_owner do
    User.find(doorkeeper_access_token.resource_owner_id) if doorkeeper_access_token
  end
end
```

My routes.rb is like this:

```ruby
Rails.application.routes.draw do
  use_doorkeeper do
    skip_controllers :applications, :authorized_applications
  end
  devise_for :users, only: :confirmations, defaults: { format: :json }
  mount GrapeSwaggerRails::Engine => '/swagger'
  mount Root => '/'
end
```

And then, the root.rb where all endpoints are mounted:

```ruby
class Root < Grape::API
  use ::WineBouncer::OAuth2

  namespace :api, desc: 'API operations' do
    mount API::V1::ApiService
  end

  mount Users
  mount Oauth

  add_swagger_documentation base_path: '/'...
```

The authentication is transparently passed via Grape endpoint oauth.rb to Doorkeeper. As you could see below, this Oauth Grape endpoint is not decorated by WineBouncer and the POST action is empty - the request is being further directed to Doorkeeper:

```ruby
class Oauth < Grape::API
  include GrapeDefaults

  helpers API::Helpers

  resources :oauth, desc: 'Oauth operations' do
    desc 'Login with credentials for an access token'
    params do
      requires :grant_type, values: %w(password)
      requires :email
      requires :password
    end

    post :token do
    end

  end
end
```

The user.rb is a fully functional Grape endpoint, all the actions except POST users#create decorated with WineBouncer.

I think that if you're using :protected WineBouncer strategy you better don't pass authentication through a Grape endpoint - I would remove the above oauth.rb file completely, so the request will go directly to Doorkeeper.

Author

soonya commented Sep 29, 2016

This is what I have:

```ruby
WineBouncer.configure do |config|
  config.auth_strategy = :default

  config.define_resource_owner do
    User.find(doorkeeper_access_token.resource_owner_id) if doorkeeper_access_token
  end

end
```

```ruby
class API::Base < Grape::API
  # Add any custom headers if you want here
  use CustomHeader

  # Define any custom helpers if you want here
  helpers do
    def current_user
      @current_user ||= User.find(doorkeeper_access_token.resource_owner_id)
    end
  end

  # Override default Grape parsers and other engines with Json parsers
  content_type :json, 'application/json'

  # Make json as the default request and response format
  default_format :json

  # Uncomment this if you do not want to allow any other format other than json
  format :json

  # Use grape_jbuilder to render json views
  #formatter :json, Grape::Formatter::Jbuilder

  # Configure request logging for grape
  logger Logger.new(STDERR)
  use GrapeLogger, { logger: logger }

  default_error_formatter :json

  # Use WineBouncer to integrate doorkeeper with Grape
  use ::WineBouncer::OAuth2

  # Mount version routes here
  mount API::V1::Base

  # Rescue all path not found errors
  route :any, '*path' do
    error!({message: "No such route '#{request.path}'", status: 404}, 404)
  end
end
```

V1::Base has the user mounted under controller/api/v1/user.rb

```ruby
Rails.application.routes.draw do

  use_doorkeeper
  devise_for :users, :controllers => {sessions: 'sessions', registrations: 'registrations', omniauth_callbacks: 'users/omniauth_callbacks'}
  devise_scope :user do
    post 'users/finish_sign_up', :to => 'registrations#finish_sign_up'
    get 'users/finish_sign_up', :to => 'registrations#finish_sign_up'
  end
  mount API::Base, at: '/api'
end
```

Author

soonya commented Sep 29, 2016

Funny thing is the login form itself does not render when we open the url https://hostname/users/sign_in (GET /users/sign_in)

Author

soonya commented Sep 29, 2016

The other thing is if you try POST to /oauth/token, you are politely redirected /users/sign_in

Author

soonya commented Sep 29, 2016

One thought I had is to conditionally disable wine_bouncer based on the request path. How is the request object accessed in the wine_bouncer config block ?

Contributor

texpert commented Sep 29, 2016

Redirect from POST to /oauth/token is because of devise_for sessions and registrations.
Try this configuration of devise:

devise_for :users, only: :confirmations, defaults: { format: :json }

I even think that omniauth_callbacks are also not needed here - your Oauth provider is Doorkeeper, not Omniauth. But I am not very certain of this - should be investigated.

Author

soonya commented Sep 30, 2016

The CustomHeader should not affect wine_bouncer I hope.

Author

soonya commented Oct 3, 2016

```
App 4420 stderr: I, [2016-10-03T08:37:02.876626 #4508] INFO -- : Started GET "/users/sign_in" for 127.0.0.1 at 2016-10-03 08:37:02 +0530
App 4420 stderr:
App 4420 stderr: ActionController::RoutingError: No route matches [GET] "/users/sign_in"
App 4420 stderr: from /home/soonya/.rvm/gems/[email protected]/gems/actionpack-4.2.1/lib/action_dispatch/middleware/debug_exceptions.rb:21:in `call'
App 4420 stderr: from /home/soonya/.rvm/gems/[email protected]/gems/web-console-2.3.0/lib/web_console/middleware.rb:28:in `block in call'
App 4420 stderr: from /home/soonya/.rvm/gems/[email protected]/gems/web-console-2.3.0/lib/web_console/middleware.rb:18:in `catch'
App 4420 stderr: from /home/soonya/.rvm/gems/[email protected]/gems/web-console-2.3.0/lib/web_console/middleware.rb:18:in `call'
App 4420 stderr: from /home/soonya/.rvm/gems/[email protected]/gems/actionpack-4.2.1/lib/action_dispatch/middleware/show_exceptions.rb:30:in `call'
App 4420 stderr: from /home/soonya/.rvm/gems/[email protected]/gems/railties-4.2.1/lib/rails/rack/logger.rb:38:in `call_app'
App 4420 stderr: from /home/soonya/.rvm/gems/[email protected]/gems/railties-4.2.1/lib/rails/rack/logger.rb:22:in `call'
App 4420 stderr: from /home/soonya/.rvm/gems/[email protected]/gems/actionpack-4.2.1/lib/action_dispatch/middleware/request_id.rb:21:in `call'
App 4420 stderr: from /home/soonya/.rvm/gems/[email protected]/gems/rack-1.6.4/lib/rack/methodoverride.rb:22:in `call'
App 4420 stderr: from /home/soonya/.rvm/gems/[email protected]/gems/rack-1.6.4/lib/rack/runtime.rb:18:in `call'
App 4420 stderr: from /home/soonya/.rvm/gems/[email protected]/gems/rack-1.6.4/lib/rack/lock.rb:17:in `call'
App 4420 stderr: from /home/soonya/.rvm/gems/[email protected]/gems/actionpack-4.2.1/lib/action_dispatch/middleware/static.rb:113:in `call'
App 4420 stderr: from /home/soonya/.rvm/gems/[email protected]/gems/rack-1.6.4/lib/rack/sendfile.rb:113:in `call'
App 4420 stderr: from /home/soonya/.rvm/gems/[email protected]/gems/actionpack-4.2.1/lib/action_dispatch/middleware/ssl.rb:24:in `call'
App 4420 stderr: from /home/soonya/.rvm/gems/[email protected]/gems/railties-4.2.1/lib/rails/engine.rb:518:in `call'
App 4420 stderr: from /home/soonya/.rvm/gems/[email protected]/gems/railties-4.2.1/lib/rails/application.rb:164:in `call'
App 4420 stderr: from /usr/lib/ruby/vendor_ruby/phusion_passenger/rack/thread_handler_extension.rb:97:in `process_request'
App 4420 stderr: from /usr/lib/ruby/vendor_ruby/phusion_passenger/request_handler/thread_handler.rb:152:in `accept_and_process_next_request'
App 4420 stderr: from /usr/lib/ruby/vendor_ruby/phusion_passenger/request_handler/thread_handler.rb:113:in `main_loop'
App 4420 stderr: from /usr/lib/ruby/vendor_ruby/phusion_passenger/request_handler.rb:416:in `block (3 levels) in start_threads'
App 4420 stderr: from /usr/lib/ruby/vendor_ruby/phusion_passenger/utils.rb:113:in `block in create_thread_and_abort_on_exception'
```

Author

soonya commented Oct 4, 2016

Not sure if I need to proceed with wine_bouncer...the config suggested gave the above exception.

Contributor

texpert commented Oct 4, 2016

I am still seeing 'Started GET "/users/sign_in"' in your log. This is wrong - you are doing Resource Owner Password Credentials Grant Flow, so to get the access_token you should POST with user credentials (email, password) to /oauth/token.

And, excuse me, but the blind guessing is non-productive. If you want me to take a glance, you could make a repo or a gist with your app.

Author

soonya commented Oct 5, 2016

For that to happen the login page needs to get rendered first as I mentioned earlier. When I disable wine_bouncer, the login page gets rendered. Now I can specify email password only after the login page gets rendered right ?

```ruby
Rails.application.routes.draw do

  use_doorkeeper
  #devise_for :users, :controllers => {sessions: 'sessions', registrations: 'registrations', omniauth_callbacks: 'users/omniauth_callbacks'}
  #devise_for :users, :controllers => {sessions: 'sessions', registrations: 'registrations'}
  devise_for :users, only: :confirmations, defaults: { format: :json }
  devise_scope :user do
    post 'users/finish_sign_up', :to => 'registrations#finish_sign_up'
    get 'users/finish_sign_up', :to => 'registrations#finish_sign_up'
  end
  mount API::Base, at: '/api'
end
```

Contributor

texpert commented Oct 5, 2016

Try to comment this too:

```ruby
devise_scope :user do
  post 'users/finish_sign_up', :to => 'registrations#finish_sign_up'
  get 'users/finish_sign_up', :to => 'registrations#finish_sign_up'
end
```

And, to get things clear, the login page should not do GET or POST /users/sign_in, but POST /oauth/token instead.

Author

soonya commented Oct 6, 2016

devise_for :users, only: :confirmations, defaults: { format: :json }
seems to work, but then making a change to this route screws up my app setting. Now the sign_up route (devise new_user_registration) route goes missing, the route is not mounted, as does all our custom session handling (see the original devise_for line in routes.rb posted earlier)

Contributor

texpert commented Oct 6, 2016

As you want OAuth with Doorkeeper, I already told you that the sign-in should be performed on oauth/token - take a look at Doorkeeper's API endpoint descriptions and examples wiki page

Author

soonya commented Oct 7, 2016

I believe you are confusing new user registration with user sign in. Registration is when a new user wants an account on the app and applies for it. Next the user is confirmed. After the confirmation the sign_in business starts. Looks like, wine_bouncer seems to remove routes it should not be concerned with.

Contributor

texpert commented Oct 7, 2016

Ah, well. you're right, sorry! Sign in/up mess into my brain (english is non-native for me) :)

For sign up (and also for list, update, remove,) you'll make a Grape Users controller - no need for devise route here. Just 'mount Users' on your Grape Root.

Author

soonya commented Oct 7, 2016

but then, the devise sign_up confirmation handling is all bypassed right ? We need to make use of devise's email confirmation. The user then clicks on the confirmation link and the account is a validated email account. All that what happens to that?

Author

soonya commented Oct 7, 2016

we need these from devise....

```ruby
devise :database_authenticatable, :registerable, :recoverable,
       :rememberable, :trackable, :validatable, :timeoutable,
       :lockable, :omniauthable, :confirmable,
       :omniauth_providers => [:facebook, :google_oauth2, :windowslive, :twitter, :linkedin]
```

Author

soonya commented Oct 7, 2016

is it a dead end for me with wine_bouncer ?

Contributor

texpert commented Oct 7, 2016

Not at all - this is intentionally for confirmations from users to devise to work:

devise_for :users, only: :confirmations, defaults: { format: :json }

Author

soonya commented Oct 7, 2016

[Image: missing_routes]

Author

soonya commented Oct 7, 2016

all the highlighted routes get removed when I add your devise_for line.

Contributor

texpert commented Oct 7, 2016

That's right. When you will add and mount a Grape Users controller, you will define all these users' actions in it and the routes will appear again.

Author

soonya commented Oct 7, 2016

I added 'mount Users' in my class API::Base (listed above in earlier post) which is the grape root. I don't see the missing routes yet.

Contributor

texpert commented Oct 7, 2016

To see Grape routes, use this gem - https://github.com/texpert/grape_on_rails_routes

Author

soonya commented Oct 7, 2016

Oh, I have a rake file to list my api routes: via 'rake grape:routes' already. The missing devise routes are not listed there. I have all my /api//blah routes there.

Author

soonya commented Oct 7, 2016

it lists all the /api/myobject... routes there

Contributor

texpert commented Oct 7, 2016

Have you correctly mounted users in Grape?
My root.rb goes like this:

```ruby
class Root < Grape::API
  use ::WineBouncer::OAuth2

  namespace :api, desc: 'API operations' do
    mount API::V1::ApiService
    # other endpoints
    # mount API::V2::Root (next version)
  end

  mount Users
  mount Oauth

  add_swagger_documentation
end
```

Author

soonya commented Oct 7, 2016

please note we are not using this swagger gem.

Contributor

texpert commented Oct 7, 2016

Then you just omit 'add_swagger_documentation'.

Author

soonya commented Oct 7, 2016

mount API::Base, at: '/api' this is in routes - so that defines the /api namespace
API::Base in turn has the API::V1::Base, so that is sorted out.

we have use ::WineBouncer::Oauth2
in the grape root.
don't have mount Oauth....I am able to see /oauth/... routes

Contributor

texpert commented Oct 7, 2016

My routes are like this:

```ruby
Rails.application.routes.draw do
  use_doorkeeper do
    skip_controllers :applications, :authorized_applications
  end
  devise_for :users, only: :confirmations, defaults: { format: :json }
  mount Root => '/'
end
```

I want to use WineBouncer to protect everything, that's why just mounted Root in the routes.rb. Everything else is mounted in the root.rb

You're seeing /oauth routes from the Doorkeeper's Rails controller. In my case, as I've already told you, I am passing OAuth via Grape OAuth controller transparently, after which it hits the Doorkeeper Rails controller. So my /oauth route is displayed twice, but that's no problem. You could deal without Grape OAuth controller, if you don't need any parameter validation (or a Swagger entity of it, as in my case).

Contributor

texpert commented Oct 7, 2016

'use_doorkeeper' and 'devise_for' are just managing routes to Rails controllers - that's all the magic. WineBouncer is a Grape endpoint guard, so if you need to protect smth with WB you have to make it via Grape controllers.

Also, take attention to not put the line 'use ::WineBouncer::OAuth2' more than once - because this means registering WB middleware into Grape and you don't want the requests to pass more than once this middleware.
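
The scoping point made in the last comment, as an added example (not part of the thread, and not WineBouncer, Grape or Doorkeeper code): a guard registered as middleware inside the API only sees requests the API router hands to it, so controller routes bypass it entirely. `EndpointGuard`, the `demo.endpoint` env key, the routes and the tokens are hypothetical stand-ins in plain Ruby; denying a request that arrives without endpoint context is a design choice of this sketch.

```ruby
# Constructed data: endpoint declarations and a token store (all names hypothetical).
ENDPOINTS = {
  ['GET',  '/api/v1/me']    => { auth: { scopes: ['profile'] } }, # decorated: token required
  ['POST', '/api/v1/users'] => {}                                 # undecorated: public sign-up
}.freeze
TOKENS = { 'tok-profile' => ['profile'], 'tok-other' => ['other'] }.freeze

# Guard middleware: it only ever sees requests that the API router passes to it.
class EndpointGuard
  attr_reader :calls

  def initialize(app)
    @app = app
    @calls = 0
  end

  def call(env)
    @calls += 1
    endpoint = env['demo.endpoint']
    # Missing context means the request did not come through the API router.
    # Deny explicitly instead of calling a method on nil.
    return deny(403, 'no endpoint context') if endpoint.nil?

    auth = endpoint[:auth]
    return @app.call(env) if auth.nil? # endpoint declared no protection

    token = env['HTTP_AUTHORIZATION'].to_s[/\ABearer (.+)\z/, 1]
    granted = TOKENS[token]
    return deny(401, 'invalid or missing token') if granted.nil?
    return deny(403, 'insufficient scope') if (auth[:scopes] & granted).empty?

    @app.call(env)
  end

  private

  def deny(status, message)
    [status, { 'Content-Type' => 'text/plain' }, [message]]
  end
end

HANDLER = ->(env) { [200, { 'Content-Type' => 'text/plain' }, ["ok #{env['PATH_INFO']}"]] }
GUARD = EndpointGuard.new(HANDLER)

# API router: resolves the endpoint first, then runs the guard in front of the handler.
API = lambda do |env|
  endpoint = ENDPOINTS[[env['REQUEST_METHOD'], env['PATH_INFO']]]
  return [404, {}, ['no such route']] if endpoint.nil?

  GUARD.call(env.merge('demo.endpoint' => endpoint))
end

# Top-level router: controller routes are dispatched directly and never reach the guard.
CONTROLLERS = { ['GET', '/users/confirmation'] => ->(_env) { [200, {}, ['confirmed']] } }.freeze
APP = lambda do |env|
  controller = CONTROLLERS[[env['REQUEST_METHOD'], env['PATH_INFO']]]
  controller ? controller.call(env) : API.call(env)
end

# Helper: send a constructed request through the top-level router, return the status.
def request(method, path, token = nil)
  env = { 'REQUEST_METHOD' => method, 'PATH_INFO' => path }
  env['HTTP_AUTHORIZATION'] = "Bearer #{token}" if token
  APP.call(env).first
end
```

Anything served by a controller route needs its own authentication check, because the guard's call counter does not move for those requests.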
