How to share authentication information across multiple rails apps
We use omniauth, devise gems to enable authentication across (facebook, twitter, salesforce, regular user, LDAP, Microsoft Active Directory). We have multiple rails apps and would like to re-use authentication + authorization (cancan) using SSO. How should we go about supporting this?
You can create an OAuth 2 provider with Doorkeeper, either setting it up on the app that currently handles authentication, or extract it as a separate app that only deals with authentication.
Then you can create your own OmniAuth strategy which you can use in all your apps.
Related
How do we allow a second client to authenticate users and access our api authorized backend? Please correct any part of my understanding that is incorrect.
User authentication is register / login / logout portion of your app.
App authorization for an api is confirming your app has permission to access an api.
A user should be logged in to the app and the app should be authorized in order for the user to access the api.
It is important to keep user authentication separate from app authorization because different clients (apps) may access our services through our api. Accordingly different users may have different access rights.
Consider a simple web app. Rails with devise is used in the app (api client) for user authentication. The app then accesses the rails-api using doorkeeper for app authorization.
Consider then adding a simple mobile app. How would the mobile app access the same user authentication service? How would we allow mobile app access to our user authorization service?
Would we need to separate the user authentication service into its own api using a separate instance of doorkeeper to authorize the mobile app and web app before creating users and then after authenticating users again authorize the app plus logged in user to access the backend api?
I'm sure it should be easier than described. Any resources, books, videos also appreciated.
If I understood your question correctly, what you are a looking for is a Service Oriented Authentication. Basically, the authentication provider could use Devise + Doorkeeper. Then the consumers could use omniauth-oauth2.
A good tutorial on oauth2: https://www.youtube.com/watch?v=zTsyeMV-N0c
Rails specific implementation: https://www.youtube.com/watch?v=L1B_HpCW8bs
Cheers!
I have a Rails application with admin accounts using Devise for authentication. I am creating a second application and would like to authenticate using the first application instead of duplicating admin accounts in the second application. So my idea is to turn the first application into an OAuth provider so that the second app can simply act as an OAuth client using something like OmniAuth. Have you done this before? Is there a plugin which adds the ability to Devise to be able to act as an OAuth provider? What do I need to change/add in order to turn the app into an OAuth provider?
Use Doorkeeper gem. Its easy to introduce OAuth 2 provider functionality to your application. It can be also integrated with Devise.
Doorkeeper also provides a configuration option to auto-approve and skip the authorization step. This is useful when working with a set of trusted applications, so that you don't confuse your users by requiring them to "authorize" your company's trusted app.
# in config/initializers/doorkeeper.rb
Doorkeeper.configure do
# ...other config options...
skip_authorization do
true
end
end
Im developing and application that will need constant updates from users that will be gathered from their social networks (twitter, facebook, linkedin and g+), but omniauth just allows me to get this data on the authentication.
I need to get them after (with a delayed_job). I could manage to do so on facebook using Koala, but I don't really know how to do it for the other networks...
What I need to activate omniauth outside the authentication process?
You should use OmniAuth to authenticate user. Also you now have their token. Just use it to make API calls required for your task. Don't forget to have all privileges needed.
My app allows users to have custom subdomains, as in user1.domain.com. I am integrating various oauth providers, all of which support the ability to authenticate via oauth with a subdomain of the registered application domain. Is there a way this can be done with Foursquare, or if not is there a specific reason subdomains are not allowed?
You should be able to specify whatever callback URL you'd like via https://foursquare.com/oauth
I am creating an application where the only way users can create an account and then subsequently login is through OAuth.
I only have one Oauth2 authentication source.
Ideally, the User would press one button on my app, ask for their Oauth credentials, and if they are not a user, begin to create a user profile. If they are a user, log them in.
I think that Devise is an overall superior choice and i personally prefer it for my authentication routines. And it supports oauth2. So i would certainly recommend Devise.