I have two rails application running at different ports. First at 3000 and the second at 4000. Both of them use Devise gem for auth.
First application plays the role of OAuth provider and the second on OAuth consumer.
I’ve followed this and that tutorials to build my environment.

Almost all works fine. I’ve successfully generated key and secret for consumer application. And successfully authorize at provider application.

There are two methods at my client application:

    def auth
      @consumer = OAuth::Consumer.new 'KEY', 'SECRET', :site => "http://localhost:3000"
      @request_token = @consumer.get_request_token
      session[:request_token] = @request_token
      redirect_to @request_token.authorize_url
    end

    def auth_callback
      @request_token ||= session[:request_token]
      @access_token = @request_token.get_access_token :oauth_verifier => params[:oauth_verifier]
      @request = @access_token.get '/user_info.json'
      render :text => @request.body.inspect
   end

And API method at provider application:

    class UsersController < InheritedResources::Base
      before_filter :login_or_oauth_required
      load_and_authorize_resource

      def info
        logger.info current_user.present? # => false
        @info = {   } # here I've collect user info for current_user
        respond_to do |format|
          format.json { render :json => @info }
        end
      end
    end

Shit happens when I try getting user info at line: @request = @access_token.get '/user_info.json'
When I call it in consumer application user already unauthorized at provider application.

How I can stay authorized at provider’s resource?

upd: I’ve got current_user.present? # => false in case I pass authorization for info action (before_filter :login_or_oauth_required, :except => [:info]) otherwise I’ve got redirected to login page.