I am trying to create an API for an application (both in Rails), but I have many doubts regarding authentication through an API.
Contextualizing a bit what I'm doing.
To create the API in Rails I'm using the rails-api and
devise_token_auth gems.
For the application that will consume the API's services I'm using
the httparty gem.
Now the question I have is with respect to login, the description in devise_token_auth about the sign_in path is:
Email authentication. Requires email and password as params. This route will return a JSON representation of the User model on successful login along with the access-token and client in the header of the response.
The problem is that I don't know how to handle the access-token, for example, if I execute this:
#result = HTTParty.post('url_of_my_api_on_heroku/auth/sign_in', :body => {"email": "someemail#example.com", "password": "ABCDEFGHI"}.to_json, :headers => { 'Content-Type' => 'application/json' })
On the application that will consume the API's services and I display the value of #result I can see the user data successfully... BUT I don't know how to get the access-token, nor use it.
I need some help, please.
This is how you get the access-token:
#result = HTTParty.post('url_of_my_api_on_heroku/auth/sign_in', :body => {"email": "someemail#example.com", "password": "ABCDEFGHI"}.to_json, :headers => { 'Content-Type' => 'application/json' })
#access_token = #result_login.headers["access-token"]
Now #access_token will have the current value of the access-token.
Related
In a Rails application, a user has to be redirected to an external site for external processing. The controller generates a valid JSON string and a set of headers:
#result = HTTParty.post(
"https://some-test.supertester.com/checkout",
:verify => false,
:body => JSON.parse(#payment).to_json,
headers: {
'Content-Type' => 'application/json',
'X-TimeStamp' => "#{Time.now.to_i}",
'X-API-ID:' => "#{#api_id}",
'X-API-Signature:' => "#{#api_signature}"
},
timeout: 20
)
This action is launched by the user via:
<%= link_to t('proceed'), data_url_cart_path(id: #existing_cart.id), class: 'button' %>
whose controller action generates the above JSON string and call.
However, Rails tries to respond to this action with a view with the same action's name (even generating a blank with format.json { head :no_content }), when the goal is to redirect the user to the aforementioned URL with the defined headers and payload.
How can this be achieved?
HTTParty is making a network request with a json payload. In this situation #response will be the response from the network request. If you call puts #response.parsed_response.inspect you will see the json returned with said response in the terminal window running your Rails server.
I think you may not need to redirect the user to an external site at all, but instead check the response to see if the action you were trying to make was successful and handle it in your own application.
Hi I'm new to Ruby/Rails and I had a question about handling an OAuth response with the Ruby version of GitHub's Octokit. After reading the documentation I'm a little confused about how to follow best practices with the wrapper vs with RestClient. When I authorize my app the response returns a "code" which I'm supposed to exchange for an access token.
In the GitHub API documentation it shows a Sinatra example of this with Restclient, which is currently in my create action of the sessions controller. However, it says you should approach it differently when building an app and that you should use the Octokit library, but I can't find any documentation on exactly how to exchange the code for an access token with Octokit.
My goal is to be able to crete a new member for the app via a user's GitHub account, save that info, & then sign them in with that account, rather then ever creating a username/password. I've pasted my new.html.erb code below to show the request that I am making as well. Really appreciate any help, thank you!
Sessions Controller
class SessionsController < ApplicationController
def new
#client_id = Octokit.client_id
end
def create
# CHANGE THIS TO USE OCTOKIT INSTEAD
session_code = request.env['rack.request.query_hash']['code']
result = RestClient.post('https://github.com/login/oauth/access_token',
{:client_id => Octokit.client_id,
:client_secret => Octokit.client_secret,
:code => session_code},
:accept => :json)
access_token = JSON.parse(result)['access_token']
end
end
OAuth Request
<p>
Sign In with GitHub
</p>
<p>
Click here to begin!</a>
</p>
As it doesn't explicitly state this in the README. What I recommend is always going through the source code to get a better understanding of how a gem works. Often you will find that the gem's creator(s) have written great code that is self-explanatory, and sometimes even commented to provide more info as in the situation below. Here is the method you're looking for, good luck on your journey to learn to Ruby/Rails and welcome! Let me know if you have any more questions and run into any more issues getting this to work.
# Retrieve the access_token.
#
# #param code [String] Authorization code generated by GitHub.
# #param app_id [String] Client Id we received when our application was registered with GitHub.
# #param app_secret [String] Client Secret we received when our application was registered with GitHub.
# #return [Sawyer::Resource] Hash holding the access token.
# #see http://developer.github.com/v3/oauth/#web-application-flow
# #example
# Octokit.exchange_code_for_token('aaaa', 'xxxx', 'yyyy', {:accept => 'application/json'})
def exchange_code_for_token(code, app_id = client_id, app_secret = client_secret, options = {})
options.merge!({
:code => code,
:client_id => app_id,
:client_secret => app_secret,
:headers => {
:content_type => 'application/json',
:accept => 'application/json'
}
})
post "#{web_endpoint}login/oauth/access_token", options
end
Forgive me if this is a stupid question, novice programmer here.
I am trying to use the Soundcloud API to authenticate users in my Rails 3.2.14 app. I'm using the code directly from the Soundcloud developer docs, like so:
client = Soundcloud.new(
:client_id => 'MY_CLIENT_ID',
:client_secret => 'MY_CLIENT_SECRET',
:redirect_uri => 'http://localhost:3000/auth/soundcloud/callback'
)
# redirect user to authorize URL
redirect_to client.authorize_url(:scope => 'non-expiring')
And when I GET the callback URI:
client = Soundcloud.new(
:client_id => 'MY_CLIENT_ID',
:client_secret => 'MY_CLIENT_SECRET',
:redirect_uri => 'http://localhost:3000/auth/soundcloud/callback'
)
# exchange authorization code for access token
code = params[:code]
access_token = client.exchange_token(:code => code)
Everything works fine (I am taken to the Soundcloud page to give my app permissions) but when I am sent back to the callback URI I receive the following error:
SoundCloud::ResponseError at /auth/soundcloud/callback
HTTP status: 401 Unauthorized Error: invalid_grant
I've obviously googled this and the only suggestion made was that my token is expiring. That doesn't make sense to me because I'm not reusing the access_token later, I'm just doing the initial authentication. Just in case I included the scope => non-expiring parameter when I redirected to Soundcloud, which made no difference.
Any suggestions? Has anyone had success integrating Rails with Soundcloud recently? All of the resources I've found seem quite outdated.
I got this error, when I was not exchanging the :code for the access_token correctly. Check your variables using pry and make sure your :code is not nil
its also shows up when the access_token has expired, I know you are passing in :scope => 'non-expiring', but perhaps it loses the parameter at some point
Hi there i have a problem while accessing Pingdom API from my rails app. Here is the code:
auth = {:username => pingdom_username, :password => pingdom_password, :key => application_key }
response =HTTParty.get("https://api.pingdom.com/api/2.0/checks", :basic_auth => auth)
I have tried in many ways (putting the app key as a separate header, having different names :key, :app_key, :api_key) but i always receive error as a mistake with the application key:
so,
puts response.body
returns:
{"error":{"statuscode":403,"statusdesc":"Forbidden","errormessage":"Missing application key. Please see the documentation."}}
Any Ideas what am I doing Wrong? Thank you in advance
I found my misstake :) THe key should be provided as an HTTP header
One way can be:
response = HTTParty.get("https://api.pingdom.com/api/2.0/checks", :basic_auth => auth, :headers => {"App-Key" => application_key})
the other way is creating a class where you set the parameters and than you call get through this class.
class Pingdom
include HTTParty
headers "App-Key" => "xxxxxxxxxxxxxxxxxxxxxxxxxxxm6ogjzpd7v"
end
response = Pingdom.get("https://api.pingdom.com/api/2.0/checks", :basic_auth => auth)
Can someone post an example of creating a record in quickbooks online / intuit anywhere, using ruby and httparty?
I am working on an integration to a ruby on rails app using intuit anywhere, and am running into an issue with my POST request when attempting to create a new record. I have been able to successfully retrieve data (customers) using a POST command that doesn't require XML data in the body of the request, but am running into trouble when trying to create new records that have required fields that need to be passed in XML in the body of the request.
I get the same flavor of error in any entity for which I try to create a record for: an invalid or missing required field. It seems to me that the XML in the body (where the data for the required fields is added) is either being ignored (incorrect formatting?) or is not being attached.
I was hoping the someone else familiar with ruby could post an example of a record creation using httparty. If I could see how to correctly pass the XML using httparty, I can fix my problem myself.
I have been using the customer.com example (https://code.intuit.com/integration/viewvc/viewvc.cgi/IntuitAnywhere-Ruby/customer.com/?root=intuitanywhere&system=exsy1003) mostly as posted, with a few irrelevant modifications needed to get it to work in Rails 3.1. I am using the data pull and handling provided in the example, which looks like a pretty standard API wrapper built using httparty.
I am using a pull similar to the one found in the company_controller customers method. Here are two different ways I have tried submitting the XML:
#########################################
#Example 1 - XML
e = #company.intuit_token.post("https://qbo.intuit.com/qbo1/resource/account/v2/#{#company.realm}",
{ :body =>
"<Account xmlns:ns2=\"http://www.intuit.com/sb/cdm/qbo\" xmlns=\"http://www.intuit.com/sb/cdm/v2\">
<Name>Test Account 2</Name>
<Desc>Test Account</Desc>
<Subtype>Savings</Subtype>
<AcctNum>5001</AcctNum>
<OpeningBalanceDate>2010-05-14</OpeningBalanceDate>
</Account>",
:headers => {
"Content-Type" => "application/xml"
}}
)
#########################################
#Example 2 - hash
e = #company.intuit_token.post("https://qbo.intuit.com/qbo1/resource/account/v2/#{#company.realm}",
{ :body => {
:Account => {
:Name => "Loan Account 2",
:Desc => "Loac Account 2",
:Subtype => "Savings",
:AcctNum => "5001",
:OpeningBalanceDate => "2011-04-22"
}
},
:headers => {
"Content-Type" => "application/xml"
}}
)
I incorrectly assumed the customer.com example provided by intuit was using the httparty gem to make the POST call, so I was using the wrong syntax. They are actually using the OAuth gem's POST call, who's syntax can be found here: http://oauth.rubyforge.org/rdoc/classes/OAuth/AccessToken.html
I also had to modify the headers to get the Intuit Anywhere service to accept the XML body. Here is the code that finally worked for me to create a record in quickbooks online using intuit anywhere:
e = #company.intuit_token.post("https://qbo.intuit.com/qbo1/resource/account/v2/#{#company.realm}", "<Account xmlns:ns2=\"http://www.intuit.com/sb/cdm/qbo\" xmlns=\"http://www.intuit.com/sb/cdm/v2\"><Name>Test Account </Name><Desc>Test Account</Desc><Subtype>Savings</Subtype><AcctNum>5002</AcctNum><OpeningBalanceDate>2010-05-14</OpeningBalanceDate></Account>", {"Content-Type" => "application/xml", "standalone" => "yes", "encoding" => "UTF-8"})