Best authentication strategy for Ruby on Rails API only server (with ActiveAdmin) - ruby-on-rails

I have a project where I want to develop the frontend in Next.js (requests based on the fetch API from JS) and the backend in RoR, and I am having a hard time getting the user authentication to work. I have researched and found four possible solutions:
Sessions and cookies
JWT
devise_token_auth
devise-jwt
I have tried to implement some of them, but I always end up getting a server error on client requests at some point. I would like to know if anyone has any resources where I can learn more about it so I can implement such authentication in my project.
If I could take advantage of Devise, that would be even better, since I already have it set up for ActiveAdmin (I want to use the admin dashboard).
Thanks a lot in advance.

I used to use devise, but have since moved to AWS Cognito which handles everything for you and is customizable as needed. You might look into it.
https://aws.amazon.com/cognito/

Related

Rails API authentication for SPA and Client App

I created a Rails API application that is currently doing its job awesomely, but I realized that it is missing the most important part: a login from the React application and, at the same time, authentication from a Python application I developed that should consume those APIs as well.
Now, looking at the various offerings, it all seems fuzzy, at least from my perspective, and I would like advice that is not from 2016 or before but that is current today.
Many solutions on the net were dirtying the main ApplicationController, which didn't make sense to me.
So I thought that a 'modern' way, or let's say 'a way', is to use Doorkeeper and Devise.
I thought about Doorkeeper because it allows me to have the 'Applications', therefore I can delegate the authentication to applications in the proper way while using JWT for the SPA application, but honestly I don't know where to start deciding :)
I also wanted to share here the link to a blog post that inspired this question: https://www.vic-l.com/jwt-with-refresh-token-using-devise-and-doorkeeper-without-authorization/
Sadly, something I found that is still without an answer at the moment is Setting up DoorKeeper with multiple Rails/React applications?
Now, can I use Doorkeeper to manage the JWT for the SPA and the applications for the client in Python?
Thanks in advance!

How to make common authentication between 2 server - Rails & Django

The service I'm developing consists of a Chrome extension and a web application.
For it I'm trying to create two servers:
web application server (built with Rails)
API server (built with Django) to receive requests from the Chrome extension and process user data.
Those applications use the same database and the same user information.
My question is how to authenticate users. In the Rails app, users can sign up and sign in via a form. But in the API server, how do I authenticate users?
One solution might be JWT authentication: the user gets a JWT token from the Rails server and sends the token to the Django server, and the Django server authenticates via JWT authorization.
Is that best practice, or is simply sending the username & password better than this?
Thanks
I honestly believe that attempting to combine these two web platforms is not the best idea. You can read feedback from a similar question here, but basically attempting to combine Rails with Django will lead you down a serious rabbit hole where both Rails and Django are going to be expecting to handle the authentication. You can potentially use a different, simpler Python framework, but I think you can potentially achieve the same overall goal with a single Rails application.
If project specifications require Django, then you can potentially try the latter option of username & password to do a database read, and then manually create JWT functionality. I think it would be really, really difficult, though, to use many of the built-in, or even open source, solutions that Django provides, which is why Django could be overkill.
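The JWT hand-off sketched in the question above (Rails mints a token after the form login, Django verifies it) reduces to a few steps that are easy to get wrong on the verifying side: pin the algorithm, check the signature in constant time before reading any claim, then check issuer, audience and expiry. The following is an added example, not code from either post; it uses only the Ruby standard library so it runs offline, and it writes the Django side in Ruby as well to keep one language. The secret, issuer and audience names are placeholders chosen for the example.

```ruby
require 'openssl'
require 'base64'
require 'json'

# Shared HS256 secret that both servers hold. Constructed for this example;
# in practice each app loads it from its environment or a secret store.
SHARED_SECRET = 'example-only-secret-replace-with-32-random-bytes'.freeze
ISSUER   = 'rails-web'.freeze   # assumed identifier for the Rails server
AUDIENCE = 'django-api'.freeze  # assumed identifier for the Django API server

class TokenError < StandardError; end

def b64url(bytes)
  Base64.urlsafe_encode64(bytes, padding: false)
end

def unb64url(str)
  Base64.urlsafe_decode64(str)
end

# Constant-time comparison so the signature check does not leak timing.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Rails side: after Devise has signed the user in through the normal form,
# mint a short-lived token that the extension presents to the Django API.
def issue_token(user_id, now: Time.now.to_i, ttl: 900)
  header  = { alg: 'HS256', typ: 'JWT' }
  payload = { sub: user_id.to_s, iss: ISSUER, aud: AUDIENCE, iat: now, exp: now + ttl }
  signing_input = "#{b64url(JSON.generate(header))}.#{b64url(JSON.generate(payload))}"
  signature = OpenSSL::HMAC.digest('SHA256', SHARED_SECRET, signing_input)
  "#{signing_input}.#{b64url(signature)}"
end

# Django side (written in Ruby here to keep one language): verify the token
# and return its claims, raising TokenError on anything that does not check out.
def verify_token(token, now: Time.now.to_i)
  parts = token.to_s.split('.', -1)
  raise TokenError, 'malformed token' unless parts.length == 3
  header = JSON.parse(unb64url(parts[0]))
  # Pin the algorithm: never let the token choose it ("alg":"none", key confusion).
  raise TokenError, 'unexpected alg' unless header.is_a?(Hash) && header['alg'] == 'HS256'
  expected = OpenSSL::HMAC.digest('SHA256', SHARED_SECRET, "#{parts[0]}.#{parts[1]}")
  raise TokenError, 'bad signature' unless secure_equal?(expected, unb64url(parts[2]))
  # Only trust the claims once the signature has passed.
  claims = JSON.parse(unb64url(parts[1]))
  raise TokenError, 'bad claims'     unless claims.is_a?(Hash)
  raise TokenError, 'wrong issuer'   unless claims['iss'] == ISSUER
  raise TokenError, 'wrong audience' unless claims['aud'] == AUDIENCE
  raise TokenError, 'expired'        unless claims['exp'].is_a?(Integer) && now < claims['exp']
  claims
rescue ArgumentError, JSON::ParserError => e
  raise TokenError, "malformed token: #{e.message}"
end

# What an attacker tries against a verifier that trusts the header: drop the
# signature and claim "alg":"none". The pinned check above rejects it.
def forge_alg_none(token)
  _header, payload, _sig = token.split('.', -1)
  "#{b64url(JSON.generate({ alg: 'none', typ: 'JWT' }))}.#{payload}."
end

if $PROGRAM_NAME == __FILE__
  token = issue_token(42)
  puts "claims for a good token: #{verify_token(token)}"
  begin
    verify_token(forge_alg_none(token))
  rescue TokenError => e
    puts "forged token rejected: #{e.message}"
  end
end
```

Because HS256 is symmetric, the Django server holds the same secret as Rails and could mint tokens itself; if the API server is less trusted than the web app, switch the signing step to an asymmetric algorithm so Django only ever holds the public key. Keep `ttl` short, since a stateless token cannot be revoked before it expires.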

Angular2 - Authentication with auth0 or rails?

Because I'm new to the whole Angular (specifically Angular 2) thing, I wonder about something.
I want to build an "API" backend with Rails 5, as they released the API mode, and my frontend with Angular 2. Because I'm used to Rails, I wanted to implement Devise user authentication, and because I'm new to Angular 2, I searched for a way to authenticate the user against my Rails/Devise backend.
But all I find are tutorials about Angular 2 and Auth0, which I had never heard of before.
So my question is: is it "normal" to use Angular 2 with Auth0 authentication?
And when I use Auth0, my user data is not in my database, right? So how do I create relationships with my Rails models?
It would be great if someone could explain that to me or link me some articles if they exist.
Auth0 is one of the many choices available to you. If you'd like to use Auth0 but store credentials in your own database, there is a tutorial for setting that up with Auth0.
So it can be normal to use Auth0, and you can also have your user data available in your own database-- do keep in mind you'll need to secure user credentials thoroughly when storing them yourself though!
I've also faced the same problem and considered Devise (going so far as setting up a Rails+Devise landing page that redirected users to the Angular app after successful login). After much pain I have come to the same recommendation as Kassandra, that using JWT authentication is the way to go.
However, if you plan to use Auth0 note that after 7000 users have signed up you will need to upgrade. This may not be a problem for you but since I plan to deploy something substantial it's a decision I had to think about.

Angular/Ionic/Phonegap app with rails API web service Auth

I have recently decided to experiment with Angular/Ionic/Phonegap with a Rails API Web Service as backend, to create my first mobile app.
I am from a Rails background and usually use Devise to handle my user authentication/User object to which I assign Roles using Rolify.
Doing some reading, it seems to me that this is not the same methodology that I would have to follow for a mobile app as seen in this question? What I would ideally like to have, is for users to sign in / up using their Facebook accounts, which would create their User record. My web service will then assign the required roles etc.
So my question:
Should I be using Devise/Rolify/Pundit?
Is there a better/more efficient way to handle this process using this stack?
Thanks
You can use Devise with the omniauth-facebook gem. There are some nice articles out there on how to implement it.
Along with this question you should hopefully be able to work it out.
Any backend auth service should really work fine. We use Devise and have found it to work well with angular and ionic. We recently wrote a tutorial on how to set up Ionic with Devise that you might find useful.

how do I share authentication on a rails/rack app with a node.js instance?

I have been trying to figure out how to integrate a node.js app into a Rails app and have them share sessions. I've so far only been able to dig up sharing sessions between Sinatra and Ruby on Rails via Rack middleware. Is it possible to do this?
I thought of a workaround involving the RoR app implementing a REST service that "poops" out a GUID that node.js can use to create its own session. This solution, however, requires having model validations and such stored in two separate apps.
Just wondering if there was a way to integrate them.
And while using a JS-based web framework like Geddy or Express is cool, I have a lot of existing Rails code and 3rd party libraries such as ActiveMerchant that I would have to reinvent.
How about using something like memcached to share a validation mechanism? For example, set a session in Rails, and for every message to the Node.js server a token is given; Node.js checks on memcached whether the token exists and grants or denies based on that. You would of course add the record to memcached from the Rails app.
Isn't that the same as sharing authentication between two different domains, like OpenID, Facebook Connect, or Twitter sign-in?
From the Rails site, do an OpenID-like redirect to node.js with the authentication information encrypted inside the URL, and vice versa?
I am wondering if it is not possible to use the Custom OAuth Provider Strategy from connect-auth, and vice versa, because connect-auth is "Authentication middleware for connect". I haven't figured the complete details out, but this might be an option?
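The memcached approach suggested in the first answer above is an opaque-token session store shared by both servers: Rails writes a record when the user logs in, Node looks it up on every request, and either side can delete it to log the user out everywhere. The following is an added example, not code from any of the posts. It stands in for memcached with a small in-memory class whose `set`/`get`/`delete` methods mirror the Dalli client calls the real apps would make (that mapping is an assumption), and it writes the Node side in Ruby too so the whole exchange runs in one file.

```ruby
require 'securerandom'
require 'digest'

# Stand-in for the memcached client (constructed for the example). A clock is
# injected so expiry can be exercised deterministically.
class FakeCache
  def initialize(clock: -> { Time.now.to_i })
    @clock = clock
    @data = {}
  end

  def set(key, value, ttl)
    @data[key] = [value, @clock.call + ttl]
    true
  end

  def get(key)
    value, expires_at = @data[key]
    return nil if value.nil?
    if @clock.call >= expires_at
      @data.delete(key)
      return nil
    end
    value
  end

  def delete(key)
    !@data.delete(key).nil?
  end
end

SESSION_TTL = 30 * 60 # seconds; assumed idle timeout for the shared session

# Only a digest of the token is used as the cache key. Anyone who can read the
# cache (or a memcached log) learns that sessions exist but cannot replay them.
def cache_key_for(token)
  "session:#{Digest::SHA256.hexdigest(token)}"
end

# Rails side: after the normal login, mint an opaque token and hand it to the
# browser (for example in a cookie scoped so the Node host also receives it).
def create_shared_session(cache, user_id)
  token = SecureRandom.urlsafe_base64(32) # 256 bits of entropy, unguessable
  cache.set(cache_key_for(token), user_id.to_s, SESSION_TTL)
  token
end

# Node side (in Ruby here to keep one language): every request carries the
# token; resolve it to a user id, or nil if it is unknown, revoked or expired.
def resolve_shared_session(cache, token)
  return nil if token.nil? || token.empty?
  cache.get(cache_key_for(token))
end

# Logout on either server: drop the record so the other server rejects it too.
def revoke_shared_session(cache, token)
  cache.delete(cache_key_for(token))
end

if $PROGRAM_NAME == __FILE__
  cache = FakeCache.new
  token = create_shared_session(cache, 7)
  puts "node resolves token to user #{resolve_shared_session(cache, token).inspect}"
  revoke_shared_session(cache, token)
  puts "after logout: #{resolve_shared_session(cache, token).inspect}"
end
```

Unlike a signed token, this design gives immediate revocation and a server-side idle timeout, at the cost of a cache round trip per request and of memcached becoming part of the trust boundary: a restart or eviction logs everyone out, and whoever can write to the cache can mint sessions, so keep it on a private network with its own access controls.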
