Shouldn't this gem override the Devise SessionsController ? #86

Open
zedtux opened this issue Apr 10, 2023 · 1 comment

zedtux commented Apr 10, 2023

When I create a session using this gem, I'm expecting to get the access token, refresh token and fingerprint as the response, but I got the user instead.

Shouldn't this gem override the Devise SessionsController in order to return the tokens and add /me and /renew endpoints, allowing one to create a session, get the tokens, retrieve the user's data and renew the token from the Devise controller?

In other words, how to use this gem with a React (or whatever JavaScript) application?

zedtux commented Apr 10, 2023

After some more digging, I figured out the way to use this gem:

Instead of using the standard Devise form, posting to the /users/sign_in URL with the email and password parameters, the form has to be adapted in order to use the doorkeeper /oauth/token URL with email, password, grant_type, client_id and client_secret.

I'm now reading about the client_secret in JavaScript since it cannot be stored securely in a browser...

Since Devise is a password grant type -- if I can put it like this --, by overriding Devise's SessionsController, the JavaScript app would just have to pass the client_id to the standard Devise route and the Ruby code would update the request with the grant_type and the client_secret and return the tokens. Does that make sense?
