User authentication in Rails API [closed] - ruby-on-rails

Closed. This question is opinion-based. It is not currently accepting answers.
Closed 8 years ago.
I have a rails API which has several models, and controllers that return JSON.
The API will be responsible for managing all the data, and there will be a 2nd app for serving the web front end.
I'm wondering where the users table and authentication controller should be.
The options would be:
Keep authentication in the API, and build a web front end that queries for users/roles etc.
Implement a Devise user in the front end, completely separate from the API.
Any ideas what the best practice is for this?
Thanks for reading.

If I understand correctly, you have
1 rails app with API
1 rails app that serves the front-end, and the 1st app actually serves as backend/database for this app
Correct?
In that case I would make sure
use Devise in the second (UI) app
the authentication of the API is between two servers, and you could just use a simple/effective authentication token
the second server will protect the API from unauthorized access, since no client will ever see the URL or authentication token (since it is server <-> server communication)
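
The server-to-server token check suggested in this answer, as an added example that is not part of the original answer: a Rack-style middleware placed in front of the API app. The class name, the `Authorization: Bearer` header and the token value are assumptions made for illustration.

```ruby
require "digest"

# Rack-style middleware for the API app (hypothetical name): every request
# must carry the token shared with the front-end server.
class ServiceTokenAuth
  def initialize(app, token:)
    raise ArgumentError, "token must not be empty" if token.to_s.empty?
    @app = app
    # Compare digests, so both sides always have the same length.
    @expected = Digest::SHA256.digest(token)
  end

  def call(env)
    presented = env["HTTP_AUTHORIZATION"].to_s[/\ABearer (\S+)\z/, 1]
    if presented && secure_equal?(Digest::SHA256.digest(presented), @expected)
      @app.call(env)
    else
      [401, { "content-type" => "application/json" }, ['{"error":"unauthorized"}']]
    end
  end

  private

  # Constant-time comparison; inside a Rails app,
  # ActiveSupport::SecurityUtils.secure_compare does this job.
  def secure_equal?(a, b)
    return false unless a.bytesize == b.bytesize
    diff = 0
    a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
    diff.zero?
  end
end

# Constructed demo: a stand-in API endpoint and the front-end's server-side call.
DEMO_TOKEN = "constructed-demo-token" # in practice a long random value read from ENV
API = ServiceTokenAuth.new(
  ->(_env) { [200, { "content-type" => "application/json" }, ['{"users":[]}']] },
  token: DEMO_TOKEN
)

# Returns the HTTP status the API gives for a given Authorization header.
def call_api(authorization)
  env = { "REQUEST_METHOD" => "GET", "PATH_INFO" => "/users" }
  env["HTTP_AUTHORIZATION"] = authorization if authorization
  API.call(env).first
end

puts call_api("Bearer #{DEMO_TOKEN}"), call_api("Bearer guess"), call_api(nil)
```

The front-end app would read the same token from its own server-side configuration, so it never reaches the browser.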

Related

Recommended way of adding OAuth + views to a Rails API ONLY app? [closed]

Closed. This question needs to be more focused. It is not currently accepting answers.
Closed 2 years ago.
I started using Rails fairly recently. I have an API I built with it for a mobile app that's being used in production and it works great.
I now require User authentication in it.
I initially went with a devise/custom JWT warden strategy which seemed to be working just fine for me, but I'm now forced to implement an authentication code OAuth flow. I need to link an Alexa skill to my service.
For this, I need to throw a webpage saying "Alexa wants to access your data for this skill" and proceed to authenticate
The OAuth provider bit is easily possible with Doorkeeper and their wonderful docs.
With my shortsightedness, I made a Rails API-only app so I'm pretty clueless on how to achieve said objective.

Try inheriting your controller from ActionController::Base, create a views folder, and add the view file in it.
It should work.

Build a Windows Desktop Application from a Rails App [closed]

Closed. This question needs to be more focused. It is not currently accepting answers.
Closed 5 years ago.
I have built a fairly decent-sized Ruby on Rails application that works just fine. It exposes data via REST API calls to the users, which are authenticated via token-based authentication and Devise.
But now a few clients want to have the application on-premise. They want their developers (Windows developers) to work on the data, but in offline mode.
I have no idea if a Ruby on Rails app can be converted to a Windows desktop app. Or do I have to build the desktop app from scratch? The desktop app will NOT have a GUI, as the client just needs the data in JSON format (just like API calls in the web app).
The desktop app will also have license information that needs to be stored in an encrypted way.
I am a complete newbie to desktop apps so please pardon me if this question seems really stupid.

Actually there's a project to do what you want to do. http://enclose.io will allow you to package your app for Windows clients.

Should I add mid-tier (like Java or Node) when working with iOS and Parse (or any other cloud based SDK)? [closed]

Closed. This question is opinion-based. It is not currently accepting answers.
Closed 7 years ago.
I am pretty new to iOS and I am planning to start one iOS native application with Parse/AWS or any other cloud-based DB handling. Is this a good practice, or should I include a mid-tier like Java and let my app talk to it instead of dealing directly with the cloud? My question is around the security and scalability of my application. If I include a mid-tier then I think I can use it as an API within the Android version of the same app as well, which will make things easier for me to handle. Share your thoughts please.

First, great question. I am a long-time user of Amazon web services, where I call for the database without a middle tier. I find that the cloud balances the load well, spins up new resources well, and generally responds well.
As for the security element, you are really sending authenticated requests directly into the cloud, not to a given server. Hence, making a round trip to a specific server (linux + java) is no longer necessary. The cloud can accept datagrams with authentication information loaded.
I am not a Parse person, so I may not get this answer voted, but AWS uses a security service called IAM (Identity and Access Management) which forces you to define a pool of permitted resources in your cloud. I imagine that Parse provides comparable services (if not, perhaps consider the AWS cloud), since this is how you are able to call for the database without a middle server tier.

How to implement signup/login for a mobile application with rails backend [closed]

Closed. This question needs to be more focused. It is not currently accepting answers.
Closed 7 years ago.
I have an application which is written with Ruby on Rails. I want to implement signup/login from the mobile application. I usually use Devise in web applications. But I have no idea about how to implement login/signup features using JSON requests and responses.
I tried to use devise token auth and I'm stuck in the middle. Devise token auth - Can't create user account after installing devise token auth gem
Is there any way to implement authentication in a similar way?
The flow will be like:
User enters mail address and password > sends a POST request to server >
User sends some request to protected controllers and the server responds to it if he is signed in

First you will have to make your back-end (i.e. Devise) JSON-ready; you can use proper implementations from:
link 1
link 2
or of course you can search for a proper solution.
Next, you need to keep track of the CSRF token provided by the application to avoid the invalid CSRF token warnings.

Protecting API calls from iOS app [closed]

Closed. This question needs to be more focused. It is not currently accepting answers.
Closed 8 years ago.
I started development of iOS applications using HTML5 and Phonegap.
I have a question about security here. Since iOS applications can not run PHP code, people use REST APIs to communicate with the server in order to get data from a database and such. Or am I wrong?
Anyways, how can this be secure? For example, someone can just extract the code from the app and will have access to the API calls. How can this be secure? I am not looking for snippets of code, I am wondering what method is used to secure this? As of now, all I have in my head are tokens like the ones used to prevent CSRF attacks and such.
Thanks in advance!

You can use REST services but it doesn't mean you are giving access to the service. You have to deal with the sessions but do not include clear passwords, etc., unless you connect to the backend by prompting the user, using OAuth to authenticate the session and store it in the keychain. You can force the user to re-insert the information when the session expires and you can check that every time the user accesses the application.
If you decompile the app or just unzip the app, the HTML code can be accessed but the difference is "how you manage the connection". Obviously, as I've told you, if you use static information (using a .plist file or whatever) your applications will be strongly inefficient and easy to break. My recommendation would be to learn how to work with keychain, NSURLCredential, OAuth and cookies management in iOS.
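
An added example, not part of any post on this page: a server-side sketch of the expiring session described in this answer, which also fits the login-then-protected-request flow asked about in the signup/login question above. The server signs a token after the password check and rejects it once it is forged or expired, so nothing static has to ship inside the app. The class name, token layout (`uid.exp.mac`) and secret are assumptions.

```ruby
require "openssl"

# Hypothetical helper: issues and checks HMAC-signed, expiring session tokens.
class SessionTokens
  def initialize(secret, ttl: 3600)
    @secret = secret
    @ttl = ttl # lifetime in seconds
  end

  # Call only after the e-mail/password check has succeeded.
  def issue(user_id, now: Time.now)
    body = "#{Integer(user_id)}.#{now.to_i + @ttl}"
    "#{body}.#{sign(body)}"
  end

  # Returns the user id, or nil when the token is malformed, forged or expired.
  def verify(token, now: Time.now)
    uid, exp, mac = token.to_s.split(".", 3)
    return nil unless uid && exp && mac
    return nil unless same?(mac, sign("#{uid}.#{exp}"))
    Integer(exp, 10) > now.to_i ? Integer(uid, 10) : nil
  rescue ArgumentError
    nil
  end

  private

  def sign(body)
    OpenSSL::HMAC.hexdigest("SHA256", @secret, body)
  end

  # Comparison that does not stop at the first differing byte.
  def same?(a, b)
    a.bytesize == b.bytesize && a.bytes.zip(b.bytes).sum { |x, y| x ^ y }.zero?
  end
end

# Constructed demo values: secret, user id and clock are made up.
tokens = SessionTokens.new("constructed-signing-secret", ttl: 3600)
login_time = Time.at(1_700_000_000)
token = tokens.issue(42, now: login_time)          # returned in the login response
p tokens.verify(token, now: login_time + 60)       # valid: protected request is served
p tokens.verify(token, now: login_time + 3601)     # expired: client must log in again
p tokens.verify(token.sub(/\A42/, "43"), now: login_time) # altered user id is rejected
```

On the device the token belongs in the keychain, as the answer recommends, and the server answers a nil result with 401 so the app prompts for credentials again.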
