I have a Rails application with admin accounts using Devise for authentication. I am creating a second application and would like to authenticate using the first application instead of duplicating admin accounts in the second application. So my idea is to turn the first application into an OAuth provider so that the second app can simply act as an OAuth client using something like OmniAuth. Have you done this before? Is there a plugin which adds the ability to Devise to be able to act as an OAuth provider? What do I need to change/add in order to turn the app into an OAuth provider?
Use Doorkeeper gem. Its easy to introduce OAuth 2 provider functionality to your application. It can be also integrated with Devise.
Doorkeeper also provides a configuration option to auto-approve and skip the authorization step. This is useful when working with a set of trusted applications, so that you don't confuse your users by requiring them to "authorize" your company's trusted app.
# in config/initializers/doorkeeper.rb
Doorkeeper.configure do
# ...other config options...
skip_authorization do
true
end
end
Related
How can I generate client id and client secret for user based authorization.
I am reading this link to authorize an user. But I have no idea on generating these keys and want to authorize many users based on these keys in ruby. Any starting guidance is appreciated. Thanks
OAuth is generally used to authenticate users for your site by having them log into an external service (i.e. Facebook or Google). The OAuth keys are generally generated by the outside service. Rails has some solid user authentication gems such as Devise that include protocols for common OAuth providers.
You would get it from the Oauth provider you are using. For Google for instance you would create a new project on console.cloud.google.com or use and existing project from there. Then you would go to api's and services. Then you would set up credentials and your Oauth consent screen.
Our company has a Rails application hosted on Heroku. It currently uses Devise for user authentication.
One of our clients wants to know if their users could access our application using their ADFS implementation.
Would we be able to use Heroku Integrated security with Identity
Federation?
Would we need a 3rd party like Auth0?
Can Devise use ADFS?
Should we use OmniAuth SAML?
Not sure where to start.
I work at Stormpath, we provide an addon service in the Heroku webstore: https://elements.heroku.com/addons/stormpath
Stormpath lets you store users and authenticate them against the typical username/password stuff, AD / LDAP, SAML providers, social login providers, etc.
It pretty much supports all of the stuff you'd want to do around authentication / authorization.
Now: the way the AD stuff works is pretty cool. You have to have your client install an AD agent on their network which will basically create a reverse tunnel between their network and Stormpath.
That agent will then copy over user data into Stormpath (usrenames, email, groups, etc.), but NOT password hashes.
When a user authenticates against your site, and you make the request to Stormpath -- we'll basically talk to your AD server over that tunnel, authenticate the user against your AD server, then return a 'standardized' Stormpath Account model to make it easier to work with.
All in all: it's a really nice solution that works really well in production.
How to share authentication information across multiple rails apps
We use omniauth, devise gems to enable authentication across (facebook, twitter, salesforce, regular user, LDAP, Microsoft Active Directory). We have multiple rails apps and would like to re-use authentication + authorization (cancan) using SSO. How should we go about supporting this?
You can create an OAuth 2 provider with Doorkeeper, either setting it up on the app that currently handles authentication, or extract it as a separate app that only deals with authentication.
Then you can create your own OmniAuth strategy which you can use in all your apps.
I have both a Desktop application and a mobile application. I want to use the same rails application for both "devices". In another word, I want the mobile application to request contents on the Desktop application.
I use Devise for authentications (email + password).
I have implemented Doorkeeper on the Desktop app in order to generate an Oauth2 token for my mobile application.
Here are my questions:
I have before_filters sets in my desktop application controllers in order to secure them.
I am not sure how the mobile application should share the OAuth2 token with Devise in order to be authenticated and access my protected controllers ?
In fact, right now, it is Doorkeeper who should check the mobile token in my controllers with the doorkeeper_for :all code. But to do that I have to unable the devise protection before_filter :authenticate_user!...
Should I save the oauth token in devise too ?
I am misunderstanding how mobile applications should authenticate with devise and OAuth2 protocole ?
Thx
This is old, but doesn't have an answer yet.
Essentially Devise and Doorkeeper are doing the same thing, Devise authenticates using sessions (or token auth if you have enabled that) while Doorkeeper authenticates with OAuth tokens sent in every request.
What you probably want to do is split your application into two access points, have a regular desktop access using Devise and an API that uses Doorkeeper. Enable Devise routes for only the regular desktop controllers and enable doorkeeper routes for only the api controllers.
In your API Application Controller, you can override current_user to be something like User.find(doorkeeper_token.resource_owner_id) if doorkeeper_token. This will match the way Devise authenticates as well.
Alternatively, if your API doesn't have to use OAuth, you could use Devise's token_authenticable config, which provides similar features as OAuth's Bearer Tokens.
I'm not sure if I understood your question but Doorkeeper locks your controller completely. No access via Devise authentication is possible if you have doorkeeper_for :all in your controller.
You will need a seperate controller to share your data via OAuth2, like an API controller for instance. Then you can request data e.g. via protocol://myapp:1234/ressource?access_token=thetoken.
Is that what you asked for? Else please clarify :)
I am creating an application where the only way users can create an account and then subsequently login is through OAuth.
I only have one Oauth2 authentication source.
Ideally, the User would press one button on my app, ask for their Oauth credentials, and if they are not a user, begin to create a user profile. If they are a user, log them in.
I think that Devise is an overall superior choice and i personally prefer it for my authentication routines. And it supports oauth2. So i would certainly recommend Devise.