Token-based Authentication - Ruby on Rails - ruby-on-rails

I need to generate a User and Admin login page. I followed the instructions contained in the following link. https://www.pluralsight.com/guides/ruby-ruby-on-rails/token-based-authentication-with-ruby-on-rails-5-api What does api-only app mean?

In normal applications the web pages will be generated and given to browsers. The api-only apps the views will be generated by client apps which runs on browsers. The front-end frameworks will helps you to generate the page according to the data provided from server usually JSON. If you are creating applications which runs on web and other platform specific apps, then you have to create API's using which you can run single app server which serves request independent of platform. You can dive deep into architectures like REST, frameworks like Angular, Backbone, React.

Here the complete guide.
Using Rails for API-only Applications
Update:
For JWT auth I will recommend to use Knock. This is tested and simple solution.

Related

Rails Frontend, Backend, and API

Does your Rails app have to be API-Only to be able to use the API generator? I want to create my fronted and backend using Ruby on Rails. Then build a mobile using the API.
Does your Rails app have to be API-Only to be able to use the API
generator?
No, it can be a normal web application and you can build an API alongside it. The term API-only came from Rails 5 where it introduced a way to generate a Rails API-only applications that are different from normal web applications. For more information, have a look into these guides
You can access your API throught a different route, as in www.myapp.com/api/request, and access your Rails application throught www.myapp.com/request, for example

Existing Ruby on Rails web app on Heroku (PostgreSQL), Devise authentication, need to add Rails API for mobile backed

I have an existing RoR web application which currently uses Devise for authentication.
I am planning on adding API functionality in one manner or another for a mobile backend.
Would you recommend adding API functionality to the web application and using JWT, for example, to enable mobile authentication. Alternatively, would you have two separate applications, a web application and an API, sharing the same Postgres instance on Heroku?
I see pros and cons both ways, but it would seem to me that separating it into two applications would outweigh adding API functionality to the web app. Perhaps, it would make most sense to start over with just an API and add mobile app client and web application client functionality.
Creating a new API only backend might be easier at first, but you would have to copy all your app logic in the models over and keeping both sides up to date will be a pain. You can do it in the same rails app if you namespace the new API so that all calls are under a /api_v1 or something like that. Here is an article that show how you can have different versions of your API.
JWTs for authentication is a great way of doing it and Devise can support them by adding a gem like devise-jwt since adding a route and handling the creation and updating of tokens by yourself is a lot of work.
For the API itself you might want to consider using JSON:API with the jsonapi-rails gem or GraphQL with the graphql gem. This way when someone wants to use your API they can use an adapter for their framework that can talk to that kind of API and not have to worry about the structure of what it returns. There are adapters for both APIs that work with Andrioid, IOS, Ember, React, and all other major frontend frameworks.

Authentication with an Existing External API

I am building a Ruby on Rails (Rails - v4.2.3 & Ruby 2.2.2) App which consumes an existing REST API.
The aforementioned API is written in PHP.
I need help regarding how to manage the authentication?
On searching through various forums I came across these two gems
https://github.com/lynndylanhurley/devise_token_auth
https://github.com/gonzalo-bulnes/simple_token_authentication
The problem I am facing with both is that they require my app to have a users model configured (using Devise).
However My app is primarily a front end for the Existing REST API, so if I do configure my own User model, I will end up with two Data Stores (One for the APP I make and the other for the existing API).
I wish to consume the external API and not have any native models for my APP.
I believe I can use ActiveResource for this (I need more reputation points to post a link to the gem, sorry I cannot do that right now, I am new to StackOverflow):
However I am not sure how to go about managing the security of the application. More specifically what measures can I take to prevent the authentication information from being viewed in plaintext while it is being transmitted to my API server for authentication?
Thank You.
Use HTTPS on your API. If your external API is using HTTPS then user info wouldn't be sent in plaintext from your rails app.
Don't forget to use HTTPS for your rails app too, as that is more important.

Ruby on Rails application/REST API authentication architecture

I'm going to develop a Ruby on Rails application (basically a back-office) which at the same time will serve data for an Android mobile app via the REST interface Rails provides.
My concerns here are the following: how should I manage and structure my ROR application so that REST calls from Android are authenticated with an API Key + user ID (I was also thinking in using OAuth) and, on the other side, users can interact with via back-office.
Should I use for example different controllers for the same resources (thus, increasing complexity) for BO accesses and Mobile client accesses (so I can implement different auth logic)?
Is there any standard/common way (aka gem) to manage and implement this behavior?
Thanks in advance!

How do I build an API for my Rails app, so that multiple sites can share one database?

I have a Rails application that right now is pretty standard: Heroku/PostgreSQL backend, users go directly to my site to update data, there's no mobile app or anything. We're going to start licensing out the tech to other companies, so that different versions of the interface live on company1.mywebsite.com, company2.mywebsite.com, etc, where all of these interfaces share the same database.
I want some advice on how to go about building this. Do I create a separate Rails app for company1, company2, etc (with a lot of redundant code) and then set up each of them with API keys to query my master app, using its RESTful routes?
Any tutorials to point me to would be great as well.
I recommend you the book Service Oriented Design with Ruby and Rails, by Paul Dix. It has a lot of info about the kind of system that you want to build.
To answer your question:
Build an API server. It serves a JSON – for example – RESTful interface.
api.mydomain/client1/users.json
Build a frontend server. It consume the API service – using typhoeus for example – and serves the final pages. It uses a subdomain or domain name for identification of different clients.
client1.mydomain/users
We have a similar "platform".
What we did:
build a master API app (REST + Push)
build a core plugin for rails which has all the shared code
build a separate rails app for each client which has all the client specific code
We are using this setup for 3 years now and I'm pretty happy with it.

Resources