I would like to access my Google Drive account via their API inside of a Rails application. The idea is that I will store files, but I don't believe I need to implement any authorisation for it (like with Oauth2, for example), since I only want to access my account.
I have been researching for 2 days, but the Google documentation seems very confused and not very clear.
I started in vain with this guide https://developers.google.com/drive/api/v3/quickstart/ruby and tried to co-opt it for use inside of Rails, but since it relies on storing a token file returned upon authentication, I figured this wasn't really the right approach.
I don't have any code to share, just looking for some clarity on how I can achieve what I'm trying to do, or indeed if it's even possible.
Additional Info:
I'm using Devise for my own authentication, so implementing omniauth through that would be an option if it's necessary. I looked through some documentation around that which Devise has on their side, but I didn't want to go through that (it seemed like a lot) before knowing it was the correct course of action.
You need OAuth 2.0 to authorize requests on the Drive API as described on the documentation. In that link, you can find: «All requests to the Drive API must be authorized by an authenticated user».
To complete that authorization process, you should follow the instructions on the Drive API Ruby Quickstart linked on your question. Generating and saving a credentials.json for later use is the normal approach in this situation. Here you can read about using OAuth 2.0 over different scenarios.
I hope to have cleared your doubts on this topic, but feel free to ask further questions.
Related
I'm working on a fairly basic Alexa skill that, in essence, searches through a specific Twitter feed looking for a hashtag, parses that tweet, and reads it back. The simplest way to do this seems to be using the Twitter API, since scraping appears to be against the TOS.
... crawling the Services is permissible if done in accordance with the provisions of the robots.txt file, however, scraping the Services without the prior consent of Twitter is expressly prohibited.
I've been having some trouble understanding how account linking works, as I've never dealt with OAuth before. I've been trying to follow the one tutorial around, but neither the text or video version were clear me.
Why the need for an external webapp?
...we need an OAuth implementation of our own to make the integration work correctly
What's wrong with the one provided by Twitter? Why can't any issues be fixed within the Lambda method, since the account integration isn't being touched otherwise AFAIK? Isn't having the tokens passed around via the URL a bad idea too? Their example code seems to require that the Consumer Secret be hard coded too.
Enter: “https://alexa-twitter-airport-info.herokuapp.com/oauth/request_token?vendor_id=XXXXXX&consumer_key=YYYYYY&consumer_secret=ZZZZZZ”.
At the very least, their webapp seems to be down for the time being, and it'd be nice to have an option that doesn't require paying money to host another copy.
I've seen this post discussing a Node.js OAuth implementation, but the necessity for such an implementation still escapes me.
I would like to know if One Drive supports those four ways of Authorization. Please refer to this link. https://www.rfc-editor.org/rfc/rfc6749#page-23
We are integrating our DVR and NVR with One Drive now and we need to understand which authorization method One Drive supports. We are trying to use OneDrive with embedded ARM processors, so the user does not have access to a browser as they would for a web-app.
Please kindly advise how we should proceed from here. Thanks for your time and I look forward to hearing from you.
Best Wishes,
Ted Yang
I am going to say yes, OneDrive probably supports those ways of authorization, because on their authentication documentations page they say the following:
The OneDrive API uses the standard OAuth 2.0 authentication scheme to authenticate users and generate access tokens.
That link takes us to the oauth.net site page for OAuth 2.0. On that page, we find the following:
The final version of the spec can be found at https://www.rfc-editor.org/rfc/rfc6749
which is the document you linked. The OneDrive API documentation says it supports OAuth 2.0, and your linking the definition of OAuth 2.0, so I think it's safe to say it's supported. How to use it is another question entirely, and one I am unable to answer.
I will note, however, that on the OAuth page, they have this to say about it's uses (emphasis mine):
OAuth 2.0 focuses on client developer simplicity while providing specific authorization flows for web applications, desktop applications, mobile phones, and living room devices.
I would presume that living room devices could include DVRs, and although your DVRs are for security purposes, the development of cloud storage APIs for either would undoubtedly be similar. So I would say this is probably quite possible.
How to do it:
First things first, you'll need to register your app. This gets you a client id and a client secret which you'll need. Registration directions
There are two methods: token flow and code flow. Token flow is two steps, and code flow is three steps. However token flow uses tokens that expire, so it would require the user to reenter thigns periodically. You therefor want to use code flow. Here's some directions for that.
Basically the steps of the code flow are:
Get an authorization code
User authorization code to get an access token
User access token to make API calls
You WILL need to make HTTP requests. I'm sure you should be able to do this with ARM embedded C. However, step 1 is what gives you to the Microsoft account login page. I am note sure how to circumvent this, exactly. I'm not sure you're supposed to be ABLE to circumvent this, since Microsoft doesn't want you handling their customers' passwords.
They have an example in Javascript that might give useful details on oauth in the oauth.js file. Javascript sample project
I need to develop an API to be the core of a web APP.
My initial idea was making a REST API that would treat all the request and then create some clients for web, mobile and desktop.
My question is, How should I manage the authentication for this situation?
I thought about using a token that would be passed with all requests to the REST API.
Im my case, I would not like to have something like OAuth because the ecosystem will not have multiple apps like Facebook/Twitter does.
NOTE: I must have the API separated from the client for web.
In more details, I would request POST /users/auth passing their password and username, and receive an auth token.
Is it a good approach or there is something better?
Agree that Devise is great for the auth in the application. For the API level, 3scale could help a lot (http://www.3scale.net) - it takes care of rate limits, keys, oauth secret distribution, analytics, developer portal and other stuff. There's a ruby plugin to get started here: https://github.com/3scale/3scale_ws_api_for_ruby.
Devise is a fantastic gem that handles authentication in rails apps. It also provides token based authentication. You can find many resources on the web (for example here) explainig how to use it. No doubt it will fit for your situation.
I've got a rails app I want to start enabling some iOS integration with. I have a basic authentication system built mostly from scratch with a little help from Sorcery.
My understanding is there's basically two options for mobile integration: HTTP Basic Auth or Token Auth. From what I've been able to find so far it looks like Token Authentication is the preferred method.
I am not familiar with what token authentication is or how it is supposed to work, and I have not really been able to find any decent guides on this, except for a few tutorials on how to use the relevant module in the Devise library.
So, my question is, what is the basic theory of Token Authentication, and what would a from-scratch token auth system in rails look like? I understand that sharing the code for the entire system might be overkill for an SO answer, but I would be very grateful if anyone can help me understand a basic schematic of how such a system is supposed to work. I'd also happily accept links to any good existing materials on how to do this from scratch, as the main problem is I haven't been able to find anything like that.
Thanks!
Devise and Authlogic have a nice Token Authentication solution. You can either use one of these gems or to implement your own check their source code for inspiration.
Below is my understanding of how token authentication works:
The user signs in using a username/password combination through a
post request.
You authenticate the user and generate a unique token and
store it in the db.
You send this token back to the iOS device.
The device stores this token in memory.
Any subsequent call to the api need this token passed in as an
additional param to auth the user.
For this process to be secure this token needs to have an expiration
date and the communication between the iOS device and the server
must be encrypted through SSL.
For convenience you can store the user credentials on the device
using the iOS keychain.
I hope this helps.
I think there are three difficulties here.
There are very few books focused on authentication technique
The key word "token authentication" is confusing to use in security/authentication field.
Rails related documentation tend to be "how to."
So, Googling won't reveal good resources for this purpose. I know this field well, but it's difficult, especially due to reason 2.
In my understanding, "token" here work as an authenticated identity in the system, and provide bridge between authentication system and authorization system. But to understand this, you must understand overall system.
Let me provide few pointer with regard to authentication technique books and some papers here.
Butler Lampson did many work related authentication, and some of the articles are very good material to understand authentication/authorization framework. that might be helpful. One of the example is Computer security in the real world(2004).
Book written for Public Key Infrastructure(PKI) might be helpful. there are several of such. Such as Understanding PKI: Concepts, Standards, and Deployment Considerations, 2nd edition
Hope this helps.
ember-auth has a nice tutorial for token authentication for rails with devise and ember. However, it could also be applied to sorcery or to a custom authentication system. I think this is the best approach to authentication for an ember.js App.
https://github.com/heartsentwined/ember-auth-rails-demo
I found the gmail_xoauth gem, which does most of what I need, but I also need to generate the oauth tokens (consumer_key and consumer_secret) from inside Rails3.
I am trying to integrate Gmail's oauth integration into my site and hence cannot use the python script that the above gem refers to. I would like my site to take the user to the authentication page and extract the consumer_key/secret tokens.
I am new to OAuth, so maybe there's something obvious that I am missing.
UPDATE: I solved the above, and have written a blog post with the details (since its too big to fit here).
http://blog.asif.in/blog/2012/03/03/google-oauth-and-rails/
You may want to check out OmniAuth. It's a gem that encapsulates/abstracts a lot of the underlying protocol work that must be done for OAuth, as well as other authentication/authorization protocols like OpenID and LDAP. I'm not well versed on Google's API for sending/receiving email, but authenticating is the first step.
The OmniAuth wiki has a very good tutorial on using it with OpenID and Google Apps, although this may not be quite what you're looking for when it comes to IMAP. You may need to write your own provider for OmniAuth (a good tutorial describing this is available). Google also provides a reference site for authenticating/authorizing via IMAP and OAuth. The most relevant part of that to you would most likely be the page detailing the protocol.
Hope that helps!
I'm not going to write the full code for you, but do you know PHP? You could have a look at the way this example works:
http://googlecodesamples.com/docs/php/Docs.php
...then make something similar in Ruby.
This is a Google Code Sample from the following site:
http://googlecodesamples.com/