Project

omniauth-doordash-oauth2

0.0
No release in over 3 years
omniauth-doordash-oauth2dan1d/omniauth-doordash-oauth2HomepageDocumentationSource CodeBug TrackerWiki
An OmniAuth strategy for authenticating with DoorDash using JWT-based authentication (HMAC-SHA256). DoorDash does not use standard OAuth2 flows; instead, each API request is signed with a JWT using developer credentials.
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
2025
2026
 Popularity
Downloads
105
Stars
0
Forks
0
Watchers
0
 Releases
Current version
0.1.0
Total releases
1
First release
1980-01-02
Latest release
1980-01-02
 Development
Primary Language
Ruby
Licenses
MIT
Average date of last 50 commits
2026-03-17
Reverse Dependencies
0

 Dependencies

Development

rspec
~> 3.12
rubocop
~> 1.75
rubocop-rspec
~> 3.5
simplecov
~> 0.22
simplecov-json
~> 0.2
webmock
~> 3.18

Runtime

jwt
~> 2.0
omniauth
~> 2.0
 Project Readme

OmniAuth DoorDash OAuth2

Gem Version CI Coverage: 100% License: MIT

An OmniAuth strategy for authenticating with DoorDash using JWT-based authentication.

Note: DoorDash does NOT use standard OAuth2 flows. Instead, each API request is signed with a JWT using HMAC-SHA256. This gem implements OmniAuth::Strategy directly (not OmniAuth::Strategies::OAuth2).

Installation

Add this line to your application's Gemfile:

gem 'omniauth-doordash-oauth2'

And then execute:

bundle install

Or install it yourself as:

gem install omniauth-doordash-oauth2

Usage

Rails with Devise

In your config/initializers/devise.rb:

config.omniauth :doordash_oauth2,
  developer_id: ENV["DOORDASH_DEVELOPER_ID"],
  key_id: ENV["DOORDASH_KEY_ID"],
  signing_secret: ENV["DOORDASH_SIGNING_SECRET"]

Standalone OmniAuth

In your Rack middleware configuration:

use OmniAuth::Builder do
  provider :doordash_oauth2,
    developer_id: ENV["DOORDASH_DEVELOPER_ID"],
    key_id: ENV["DOORDASH_KEY_ID"],
    signing_secret: ENV["DOORDASH_SIGNING_SECRET"]
end

Auth Hash Schema

The auth hash returned by this strategy has the following structure:

{
  provider: "doordash_oauth2",
  uid: "external_business_id",  # Falls back to developer_id if API unavailable
  info: {
    name: "Store Name",
    business_name: "Store Name",
    email: nil                  # DoorDash does not provide merchant email
  },
  extra: {
    raw_info: {
      "store_id" => "external_business_id",
      "store_name" => "Store Name",
      "id" => "external_business_id"
    }
  }
}

JWT Authentication Details

DoorDash uses JWT-based authentication instead of OAuth2. Each API request includes a signed JWT in the Authorization header.

JWT Header

{
  "alg": "HS256",
  "dd-ver": "DD-JWT-V1"
}

JWT Payload

{
  "aud": "doordash",
  "iss": "<developer_id>",
  "kid": "<key_id>",
  "exp": "<now + 300>",
  "iat": "<now>"
}

The signing secret is base64url-encoded. The gem automatically decodes it (adding padding if needed) before signing.

Configuration Options

Option Required Default Description
developer_id Yes nil Your DoorDash developer ID
key_id Yes nil Your DoorDash key ID
signing_secret Yes nil Your DoorDash signing secret (base64url-encoded)
api_base_url No https://openapi.doordash.com DoorDash API base URL

Development

After checking out the repo, run bundle install to install dependencies.

# Run tests
bundle exec rspec

# Run linter
bundle exec rubocop

# Run both (default rake task)
bundle exec rake

Contributing

Bug reports and pull requests are welcome on GitHub at https://github.com/dan1d/omniauth-doordash-oauth2.

License

The gem is available as open source under the terms of the MIT License.