Rails 5 application: form and api authentication tutorial? - ruby-on-rails

Are there any good tutorial to create an auth system from scraths with form and api authentication?
I found a lot of tutorial but unfortunately they implement only form based or only api based authentication.
But I would like to build a form and api based.
Because for the SEO the server side rendering is important so I can create a registration and login form too. But API based important for a mobile app application.

Here are some resources, that you might find useful. I have used the first one frequently in the past.
http://railscasts.com/episodes/250-authentication-from-scratch
https://gist.github.com/thebucknerlife/10090014
https://rubyplus.com/articles/4171-Authentication-from-Scratch-in-Rails-5
https://www.sitepoint.com/rails-userpassword-authentication-from-scratch-part-i/
How to create authentication from scratch in rails 4
I hope this gives you some inspiration.

Related

Rails API authentication for SPA and Client App

I created a Rails API application, that is currently do his job awesomely, but I realized that is missing the most important part, a login from the React application and at the same time the authentication from a python application I developed that should consume those API as well.
Now, looking at the various offering, seems all fuzzy, at least from my prospective and I would like to have an advice that is not from 2016 or before but that is actual today.
Many solutions on the net, was getting dirty the main ApplicationController, that didn't make sense to me.
So I thought that a 'modern' way or let's say, 'a way' is to use doorkeep and devise.
I thought about Doorkeep because allow me to have the 'Applications' therefore I can delegate to applications the authentication in the proper way while using the JWT for the SPA application, but honestly I don't know from where to start deciding :)
I wanted to share here also the link of a blog post that inspired this question: https://www.vic-l.com/jwt-with-refresh-token-using-devise-and-doorkeeper-without-authorization/
Sadly something I found still, without an answer, at the moment, is Setting up DoorKeeper with multiple Rails/React applications?
Now, I can use doorkeeper to manage the JWT for the SPA and the applications for the client in Python ?
Thanks in advance!

Implement OAuth provider in Rails for use with a single client application

I'm working on building a closed community forum for members of an existing site I also built. I'd like to allow members to sign in to the new forum using their existing accounts on the main application. The forum will be on a different domain from the main site.
This will be my first time using OAuth. Most information on the web about it seems to skew heavily toward allowing users to sign in with Twitter/Facebook/etc accounts, and there's very little information that seems pertinent to what I'm working on.
I'd like to create an OAuth provider in the original web app and a OAuth client in the new app I'm building. No other providers will be used, and no other client sites will be authenticating off this main site. Additionally, I need to avoid any sort of "authorize this web site" intermediary step for my users.
The main site is Rails 4 with Devise, and the new site is Rails 5. I'd like to stick with Devise on the new site as well, which I understand can function as an OAuth client. Doorkeeper seems like it could be overkill for my exceedingly simple needs, but most other information I've found is years out of date, so I don't want to invest time pursuing an implementation that won't work or is not the current best approach.
What is currently the best way to handle this kind of single-client, single-provider setup?

Angular2 - Authentication with auth0 or rails?

Cause i'm new to the whole angular (specific angular2) thing i wonder about something.
I want to build an "api" backend with rails 5 as they released the api mode and my frontend with angular2. Because i'm used to rails i wanted to implement a devise user authentication and because i'm new to angular2 i searched for a way to authenticate the user against my rails/devise backend.
But all i find are tutorials about angular2 and auth0, which i never heared before.
So my question is, is it "normal" to user angular2 with auth0 authentication?
And when i use auth0 my user data are not in my database right? So how do i create relationships with my rails models?
Would be great if someone can explain that to me or link me some article if they exists.
Auth0 is one of the many choices available to you. If you'd like to use Auth0 but store credentials in your own database, there is a tutorial for setting that up with Auth0.
So it can be normal to use Auth0, and you can also have your user data available in your own database-- do keep in mind you'll need to secure user credentials thoroughly when storing them yourself though!
I've also faced the same problem and considered Devise (going so far as setting up a Rails+Devise landing page that redirected users to the Angular app after successful login). After much pain I have come to the same recommendation as Kassandra, that using JWT authentication is the way to go.
However, if you plan to use Auth0 note that after 7000 users have signed up you will need to upgrade. This may not be a problem for you but since I plan to deploy something substantial it's a decision I had to think about.

Angular/Ionic/Phonegap app with rails API web service Auth

I have recently decided to experiment with Angular/Ionic/Phonegap with a Rails API Web Service as backend, to create my first mobile app.
I am from a Rails background and usually use Devise to handle my user authentication/User object to which I assign Roles using Rolify.
Doing some reading, it seems to me that this is not the same methodology that I would have to follow for a mobile app as seen in this question? What I would ideally like to have, is for users to sign in / up using their Facebook accounts, which would create their User record. My web service will then assign the required roles etc.
So my question:
Should I be using Devise/Rolify/Pundit ?
Is there a better/more efficient way to handle this process using this stack?
Thanks
You can use Devise with the omniauth-facebook gem. There are some nice articles out there on how to implement.
Along with this question you should hopefully be able to work it out.
Any backend auth service should really work fine. We use Devise and have found it to work well with angular and ionic. We recently wrote a tutorial on how to set up Ionic with Devise that you might find useful.

Ruby on Rails CRUD and User authentication and authorization module

hope you all doing well.
my question is on ruby technology, we are developing an web based application using rails framework and ruby. I need to know how the routing works (routes.rb), can some one send me a link of sample CRUD application which I can use in my project.
I need also User authentication and authorization framework using ruby which is readily available.
very urgent,
many many thanks :)
Basically, you are asking how Ruby on Rails works and how to getting started.
I encourage you to start from the official documentation, including the Wiki site and Guides.
You can find information about Rails routing here. More answers about Rails Authentication and Authorization here and here.
For a quick way of creating a Rails CRUD application with user authentication and authorization, please see the Bullet on Rails project. Bullet on Rails is a project I created a while ago to help me quick start creating CRUD apps with authorization included and AJAX crud.
Since you seem to be new to Rails, I also recommend that you read the documentation suggested by weppos.

Resources