I've built multiple Rails/React applications for my company (all in one using Rails 6. Rails renders json to React).
All applications will be on the same domain and eventually, access rights will be done via VPN. For now, I would like to build a Single Sign On app that would give a list of apps to choose from (Accounts, Dashboard, Audits, etc). Based on the users credentials, they may or may not have certain privileges on these applications.
I appears that the Doorkeeper Gem is the way to go and that the SSO app would also be using Devise for User?
I should add but not sure if it makes a difference. Some of the apps are Rails MVC only. Others use Rails api and React frontend.
And do I create a 'portal' app with just User and devise?
Here's a wireframe of the setup:
Related
I'm building a facebook app using Ruby on Rails and the Koala gem to build my own login flow.
https://github.com/arsduo/koala
https://developers.facebook.com/docs/facebook-login/manually-build-a-login-flow/
My question is pretty simply.
Assuming the following case:
-A user who is trying to connect to my app has multiple facebook pages that they admin. I would like them to be able to select only the specific pages that they want me to admin while denying access to the rest.
The reason is that alot of the admins that will be using my app manages large numbers of pages. I cant imagine them being ok with me getting permissions to all their pages when i only need permissions for a small subset of pages.
I'm using Ruby on Rails
You can't. According to Facebook "Tokens and Rules", the "manage_pages" permission is:
Enables your app to retrieve Page Access Tokens for the Pages and Apps that the person administrates.
You could get tokens just for the pages they wish to manage with you and add it to your TOC
I am using rails 4 and developing my first API. The API will be used solely for our android and ios apps to communicate with the rails app / database.
I am struggling to see the difference between API authentication and user authentication when it comes to an API. It seems people use these terms interchangeably.
I want my api to be secure, meaning only the apps can submit http requests, but I also want users to be able to log in. And when I say users, I mean app users... not outside clients who are accessing our api (we don't want this at all).
Would love if someone could clear this up for me. I may just not be thinking about it in the right way, therefore confusing myself.
So to break it down, these are the two things I need to be able to do:
secure the api of course... making it so only the mobile apps can access it
users are able to log in and access their profile, resources that belongs_to to them, etc. When users aren't logged in, they still need to be able to see the index and other pages that don't require a logged in user.
thx!
Have you heard of JWT? It's a good option to hadle users with the app and rails api separated.
Gem for jwt in rails: https://github.com/nsarno/knock
I run a small SaaS platform that allows businesses to whitelabel my solution into their existing websites. I've had a few potential customers ask if I support SSO.
I've never built out SSO before - what would be the best way to support allowing 3rd parties to integrate their existing user accounts via SSO into my app? I already have my own authentication system using Devise. I'm concerned adding SSO support would add another complex layer around the existing authentication model?
Basically what I have now are 2 apps, 1 is php and the other one is rails. The rails app is the main app at the moment and contains all the user info, since I'm having a new php based app, I'd like to skip the whole registration and authentication part on php and immediately have it authenticate on the rails app instead via devise.
Are there any good reading materials or anyone can guide me here on how to properly do this?
I'm working on a school project. We are going to make a bug/rodent themed tower defense game. The game will primarily be an Android app. There will also be (at least we want there to be) a Ruby on Rails website/application tied together with it.
One of the requirements for the project is to implement three levels of user that will interact with the project. We decided that the three types of users will be administrators, guest players, and players with accounts. Players with accounts will be able to accumulate perks. Guest players will be able to play, but won't have any capacity to earn perks over time. The administrators will be able to manage the users with accounts (delete, edit, et cetera) via a web browser and the Rails application.
I want the users with accounts to be able to login to the Rails application via the Android app. There will be parts of the game that only users with accounts will be able to access. How can we create a login/logout scheme for the Android app? I'm thinking it will be something like the user enters their username/password, taps login, and then the Android app will send a request to the Rails side. Once the user is logged in via the Android app, they can access certain parts of the Android app that guest users cannot.
How would I go about this? I'm not sure where to start.
Would the Android app, using Java, send http requests to the Rails application (sending the username and password)? Then would the Rails application send back some sort of success? How would the Android app hold onto this successful login like a session in a web browser? Also, the Android app will need to update user attributes in the Rails database (something like accumulated perks).
Is this possible?
I've seen miscellaneous information about how to do this scattered online in blogs, on stackoverflow, and on discussion boards. But, I haven't found a coherent solution for my group's needs.
Thanks.
You can use your rails apps as an oauth provider (https://github.com/pelle/oauth-plugin) and use an oauth client library on the mobile application