Doorkeeper: Turn off SSL for return URI with OAuth2

19.Oct.2015

Doorkeeper does not support / allow non-secure redirect URIs due to potential security risk.

So, Doorkeepers gem now forces use of secure redirect URLs. Since OAuth2 delegates its security to HTTPS. In general – this is not a bad idea, however sometimes you will have to use non-secure redirect URI due to a fact that one server doesn’t have SSL setup.

To allow use of unsecure redirect URIs, all you need to do is change doorkeeper initializer found in config/initializers/doorkeeper.rb to:

force_ssl_in_redirect_uri false