I am working on a Rails 5 API only app using JWT tokens.
I'd like to use Rails Admin for internal processes and would like to configure Devise (or Clearance) for auth for staff members instead of integrating JWT tokens with Rails Admin directly.
The problem I have is once I set up Devise or Clearance (the controllers, models, and routes are there) the sign in screens return an empty HTML page.
There are some related issues with Clearance mentioned in https://github.com/thoughtbot/clearance/issues/741 but I've been unable to figure out why the HTML does not load.
The Rails API does exclude some middleware but it's not clear to me which is missing or causing the issue. Thanks.
I solved the problem by converting the Rails API only app to be a normal Rails app. Not the best solution, in my opinion, but it works!
Related
I have implemented the devise+patreon gem in my Rails application without issues. Now, devise requires an email/password by default when creating a User, but Patreon just uses the oauth integration.
I am wondering, what is the proper strategy to use so that I can migrate the Patreon Oauth users as Devise users, without having to set dummy passwords/emails to allow for validation to go through. I still want to eventually allow users to register via Devise natively, as well as through Patreon.
Is there maybe a known strategy/gem/addition for devise that I may have missed that can easily achieve that?
You can retrieve the user email and a lot of other infos (see here) about the user in the login call to patreon's services, but password will remain unknown, you can't just copy & paste a User.
I'm creating a Rails app which have both a GUI part, and a REST/JSON-API.
The REST/JSON API is fairly simple, and the controller returns data like this:
def get_players
#players = Player.all
render json: #players
end
The GUI part of the app is using Devise for authentication, and it works fine.
Now I want to add authentication for the REST/JSON Api too, how do I do that?
Also, how do I test the REST API using curl when the Authentication is added?
---- edit ----
as it turns out, Devise wasnt necessary in this case. A home-cooked token-authentication method works for now. (token created when Player is created, and returned on correct e-mail/password combo).
After getting a few tips, I found a number of great sites. There are several ways to do this, however I don't know which one is best, but these sites help a long way:
https://github.com/lynndylanhurley/devise_token_auth (An extension to
Devise)
https://labs.kollegorna.se/blog/2015/04/build-an-api-now/
(Manual way)
Token based authentication for Rails JSON APIs (SO Question)
Rails API : Best way to implement authentication? (SO Question)
Rails API : Best way to implement authentication?
I am using ruby-cas client, for an authentification based on a CAS.
I would like to link the ruby_cas authentication to my application :
when we log in with cas, in additon to the CAS session created, a session for my application is also created.
What should i do?
thanks
You could use devise and devise_cas_authenticatable
This should work for Rails 3. I am trying to make it work with rails 4 but rubycas-client (needed for devise_cas_authenticatable) is giving me a lot of trouble. However I haven't surrendered yet :)
Referring to: Ember authentication best practices?
We have two separate apps: a Rails backend/API and a standalone Ember app. The Ember app will speak to the Rails API.
I've found ember-auth (https://github.com/heartsentwined/ember-auth), but I don't understand why I'm going to benefit from it.
Here's what I want to do :
- When logging in, Ember sends username and password to my /accounts/login endpoint.
- If correct, Rails responds with the authentication token.
- Ember will store the authentication token locally and pass it along with each subsequent requests. I do not want my tokens to expire so users can always close the browser, come back, and still be logged in.
Is there any issues with my approach? What about security?
Take a look at these two Embercasts videos:
Client-side Authentication Part 1
http://www.embercasts.com/episodes/client-side-authentication-part-1
Client-side Authentication Part 2
http://www.embercasts.com/episodes/client-side-authentication-part-2
And this blog post:
Authentication in ember.js
http://log.simplabs.com/post/53016599611/authentication-in-ember-js
I'd like my users to be able to use Google Translate with my Rails apps. I have forms and login for the app. I keep getting the Rails InvalidAuthenticityToken when using the app through Google Translate.
Any insights on how i can get both to work? I am using Rails 2.5.x.
Thank you!
PS: To clarify, this the authenticity token works fine without going through Google Translate. I suspect it's something to do with the domain?
This is a feature of rails that prevents cross site scripting attacks. It really depends what you are doing but what you need to do is pass this secret that rails passes in every params hash. Check you log file or server or debug your params and you will see this. It is a really long code.
This code is generate in your environment.rb file so whenever you pass params to your application you need to include this file.