If a user starts out in my app unauthenticated and then logs in, I can have my Rails back-end return the user data, and create a User model in my Ember app.
However, what if a user starts out in the app authenticated? How can I use session to fetch the user's details from Rails?
I'm using the ember-simple-auth-devise authenticator.
I was able to use
this.get('session.user_email')
in my application route to find the authenticated user.
The better way to do it is to reopen the session object and add a property that references the authenticated user. See this example from the guides.
Related
I followed the Rails API quick start guide and I can create a user on auth0 or log in as an existing user and validate the web token, but I cant find next steps for creating a corresponding User model in rails.
Is there any guide that shows what callbacks or data is sent back when a user makes a request so I can associate a user in my database?
When registering new users via Devise in Rails 5, I need to check if a cookie exists and if so store data from the cookie to a newly created user record. It also utilizes OmniAuth to create users from Facebook. I'm having trouble finding a way to tap into Devise's user creation and be able to access cookie information.
If I implement this directly in the RegistrationController after a user is created, I have to repeat it in the OmniAuth callbacks, which is not very DRY. Is there a better place or method to hook into this?
I came across the new_with_session method when building a new resource, but unfortunately that only gives access to the session, not cookies.
I have an app that uses ember simple-auth with torii and devise extensions.
My backend is on rails with devise to protect ressources. (BTW, I am a rails noob)
My goal is that I want users to be able to register/login with facebook, but I also need to authenticate requests made to my backend. (e.g. A user can only access his account info)
If I take each authenticators by itself, it works fine. For example, I can authenticate a user through facebook. And I can register and sign in on my rails server. However, I want the registration to happen through facebook( No forms to fill for the user)
The questions I have are:
- What information should I persist on my server so that I can identify a facebook authenticated user and authorize him to access ressources?
- Is there a more straight forward way to do it ?
- Does it even make sense to have 2 authentication processes ?
If you're using Facebook login the only data you need to persist is the App-scoped User ID (https://developers.facebook.com/docs/apps/upgrading#upgrading_v2_0_user_ids)
That's a unique ID generated for the user in your App. When the user logs into your App with Facebook you only have to get back this ID and then match it in your database.
I hope it helps.
I am using twitter #anywhere JS API in my application and don't know how to use their methods and properly execute them. At present, I am following this docs for the API.
I am working on a scenario where, I need to check from my app, if any twitter user is logged in on the same browser, get the current twitter user details and cross check with my app for the twitter user. If the user exists in my app, automatically login the user. (more importantly it should not ask the user to connect to the twitter app. Without asking the credentials I need to get the currentUser)
NOTE: Facebook already supports this type of method. We can get the facebook loggedin user session from getSession() method.
Is there anyone there to help me out on this one?
We have a Rails 3 app using session-based authentication (modified acts_as_authenticated), and a Flex app that needs to be embedded in an html.erb template. The Flex app needs to access routes that have a before_filter set to check if the user is logged in. When interacting with the HTML site, this causes the user to be redirected to a login page, then sets a Rails session property (tied to a cookie) to record that the user is logged in when making future requests.
The Flex app needs to access XML that's generated by Rails (behind the before_filter) and I don't want to force the user to log in twice -- what should I be passing as a flash parameter to the Flex app so that it can present as "already logged in" if that session exists (ie, the user has logged in via the HTML interface)? I haven't dealt with this kind of problem before so I'm not sure if I'm even asking the right question. Any advice appreciated!
Integrating flash into your authenticated service can be tricky. You can't rely on normal http sessions or cookies to manage authentication for you. What is generally regarded best practice is to generate a unique token for each logged in user to pass on every request to the server to prove that they are in fact a logged in user. for example:
They log in through an html form.
When you serve up a swf that is going to access authenticated content you give it a flashvar of token=49r03f0239fhduffnkdjfgnas or something like that.
This token is generated server-side and stored somewhere to be checked on requests.
On every request to the server you pass this token and check it's validity.
If it's good you perform the action and return the data.
If it's bad you prompt the user.
notes:
tokens should be long and unguessable like a session variable.
each time they log in you need to generate a new token.
each time they log out you need to destroy the token.