I'm building an iOS app with Rails on the back-end.
The Rails application uses Devise for authentication and I want to use the same service for the authentication on the iOS app. Is there any way that after authenticating, keeping the session even after the app restarts, so that it goes straight to the content of the app instead of the login screen?
I've looked around, but haven't found a clear answer.
Thanks on advance!
One solution could be to extend the existing devise models and controllers to also handle a token based authentication system. Based on the request type html or json, the app can choose to authenticate a user either by the authentication token and email or a combination of username/email and password.
The authentication token could could be saved on the client side and reset only when the user logs out.
I was recently working on the same problem and found these sources to be extremely useful.
https://gist.github.com/josevalim/fb706b1e933ef01e4fb6
http://www.soryy.com/blog/2014/apis-with-devise/
https://github.com/lynndylanhurley/devise_token_auth
Related
I've built a Rails app with a simple API. I'm using Devise for authentication. I'm trying to work out how to log a user into the rails app from my iOS app so they can retrieve and post data. I've been searching all day for the best way to do this but most info is outdated (using Devise's deprecated token_authenticable solution.
I've got my rails app. I've got my iOS app. I've written my API. How do I connect the pieces together?
Thanks
Details:
My app allows users to fill in a form and have that data sent to the server. In another section of the app the user can view the data they have previously submitted. When the app first launches the user should login to their account so that the data they post is associated with them and they can only view data they have previously posted. It's quite a simple app. How do I log them in so that I can tell the API to only return their data.
Set your server up to use SSL, then the communication to the server are secure. Post the userID and password to the server in an SSL. You can pass that information on each access to the server.
If you want to pass the UserID/Password only once then you can setup a session with a cookie but you will need server support for the session and timeouts.
What you need to define is how secure you want the authentication to be. That is who are you defending against? A friend, an enemy, a government? Define the value (in $) of a security breach. Defend to this level.
I am trying to implement a facebook user authentication in my iOS6 App through my Rails Backend running with Devise using omniauth. I am looking for a step by step guide how to setup my API and Devise + Authentication.
I only have a only have a rough knowledge about how to do that.
(on App) check if the user signs in on his facebook on iPhone
iPhone is authenticated client sided on Facebook. FB passes me his mobile auth token
I send my auth token or auth hash to my rails backend via API RESTful SSL.
Rails receives the Token and checks if it is valid. ( What command uses the least traffic against FB Graph API? with Koala Gem)
If valid. Check if the user already exists. If not, create a new user.
Create a new session.
Is this correct?
Are there any good examples?
Thank you very much.
I'm not familiar with the iPhone piece, but your approach after that is generally accurate. The only exception is that you would typically use provider + uid to find or create a user, rather than a token. That might be what you meant by your #5, but it wasn't clear to me.
Beyond that, there is a good (paid) Railscast on the subject of Omniauth + Devise, which would probably be worth the price for you:
http://railscasts.com/episodes/235-devise-and-omniauth-revised
It covers how you can receive and handle the auth hash, and it gives you a nice starting point for what your methods will look like.
if you don't access to pro episodes i have some links to help.
http://jessewolgamott.com/blog/2012/01/19/the-one-with-a-json-api-login-using-devise/
you can also look into it
http://net.tutsplus.com/tutorials/ruby/how-to-use-omniauth-to-authenticate-your-users/
Nice and easy to code
http://blog.joshsoftware.com/2010/12/16/multiple-applications-with-devise-omniauth-and-single-sign-on/
I hope these will work for you :)
http://www.orhancanceylan.com/rails-twitter-and-facebook-authentications-with-omniauth-and-devise/
My question is dead simple.
Does authentication token have to be reset on user logout?
Currently I am just developing an iOS application but there's a possibility for web, iPad, and Android applications too. If a single user account has to be able to be logged in to various devices, what is the best solution to achieve this?
I am currently saving user authentication token in NSUserDefaults to send with every request.
If there is just one user account and its authentication token and a user logs out and reset the authentication token, the user won't be able to use the application on other devices such as web, iPad, and Android because the authentication token is no longer valid now.
What is the best way to achieve this login on multiple devices?
My thoughts
My one thought is to make a login model that belongs to a user model and make that login model token authenticatable. Then each login can create a login model and destroy that model after logout. I will wait for any other solutions :) gg.
As I know, token doesn't reset on logout.
I answered similar question several days ago.
Is there a solution for Rails Gem Devise to allow a user to have multiple emails?
In your case you can create for example UserDevices model instead of UserEmails and override find_for_token_authentication in User model.
Some help you can find in comments here:
https://github.com/plataformatec/devise/blob/master/lib/devise/models/token_authenticatable.rb
I am developing an web app that will be used by iphone app. I use devise as authentication and i can create a new user, login as the user and when login is done it gives out
{"user":{"authentication_token":"xxxxxxxxxxxxxxxxxx","email":"sample#example.com"}}
but how can i change the password using json.
Most likely you will need to build an API for this, utilizing Devises JSON (Warden) to respond to JSON etc
reference to help point you in the right direction creating sessions with devise
Searching SO also yields
Ajax login with devise
I have created a simple API for a Rails application using token-based-authentication that supports User Log In and Log Out and a couple of other actions to update a User's status. I want this API to be used by devices running iOS. I have based my code on the example found here. In addition to allowing a device to login and update a User's status I would like new users to be able to Sign Up from the device. However looking at Devise's helper class I can't see any methods that support Sign Up, only Log In and Log Out.
Has anyone managed to implement Sign Up through an API? Are there any security issues with allowing this? How should I approach this?
Sign up from an iOS device is really just a (JSON?) POST to the User resource using a different format responder.
This data is passed in the clear from an iOS device, so make sure you use https on these routes if you're worried about security.