Twitter has application-only authentication for their api: https://dev.twitter.com/docs/auth/application-only-auth

Twitter offers applications the ability to issue authenticated requests on behalf of the application itself (as opposed to on behalf of a specific user)

I want to do the same with doorkeeper in Rails, but I'm not sure how to do that. It seems to be only possible to authenticate users via a callback url, but how can I access my API using the applications context (only by using the app ID and app secret)

My first idea was to do a password credentials login with the app's ID and secret to obtain an access token that belongs to the application. Is this a bad idea? Is it safe from a security point of view? I am wondering because the app's secret is saved as plain text in the db, which is a no go for user authentication.

It is something you can definitely do : you can see on the example here where it generate a token with client_credentials, but no username / password :

curl -i http://localhost:5100/oauth/token \
-F grant_type="client_credentials" \
-F client_id="your_application_id" \
-F client_secret="your_secret"

Up to you after to check if you have a resource_owner associated to your doorkeeper_token.