I am building a mobile app that authenticates to a rails server using token authentication. I am using Devise for authentication and have figured out a way to make it work on mobile. But I also have a web app. The web app is not consuming json API but it's just a regular rails web app.
Now the problem is I want to be able to use token based authentication for mobile, but at the same time allow users to sign in via web interface.
How can I make this work?
Related
I'm developing a Rails app (with Devise) to expose an API to be consumed by both web clients (React SPA) and mobile clients (iOS and Android).
For web clients I'd like to use cookie authentication to avoid the problem of where to securely store the token (I would also use a cookie to pass the CSRF token to the web client).
For mobile apps I'd like to use some kind of token authentication to simplify and avoid the need for cookies and CSRF on those platforms.
I looked briefly at the popular gems devise-token-auth and devise-jwt which add token support to Devise but the documentation for both (see here and here) suggest that cookie auth and token auth won't work within the same controller.
How would you configure a Rails API to use cookies for web clients and tokens for mobile apps?
I am developing a Spring Boot application that will provide a web app and a REST interface for an iOS application that a colleague develops.
The Spring Boot MVC web application already uses Spring Security with a form based login and a JPA entity for authentication of users with roles. Everything pretty straightforward.
We want to use OAuth2 for connecting the iOS app to the server for accessing the REST API so that we do not have to store the username/password on the device.
What would be the easiest configuration for this?
Do we need to call /oauth/authorize or would it be enough to call /oauth/token to get an access and a refresh token by sending the username/password the user provides once in a form in the iOS app?
I want the iOS application to be authenticated as the user via oauth token afterwards so that it can access the entities assigned to the user.
How do we allow a second client to authenticate users and access our api authorized backend? Please correct any part of my understanding that is incorrect.
User authentication is register / login / logout portion of your app.
App authorization for an api is confirming your app has permission to access an api.
A user should be logged in to the app and the app should be authorized in order for the user to access the api.
It is important to keep user authentication separate from app authorization because different clients (apps) may access our services through our api. Accordingly different users may have different access rights.
Consider a simple web app. Rails with devise is used in the app (api client) for user authentication. The app then accesses the rails-api using doorkeeper for app authorization.
Consider then adding a simple mobile app. How would the mobile app access the same user authentication service? How would we allow mobile app access to our user authorization service?
Would we need to separate the user authentication service into its own api using a separate instance of doorkeeper to authorize the mobile app and web app before creating users and then after authenticating users again authorize the app plus logged in user to access the backend api?
I'm sure it should be easier than described. Any resources, books, videos also appreciated.
If I understood your question correctly, what you are a looking for is a Service Oriented Authentication. Basically, the authentication provider could use Devise + Doorkeeper. Then the consumers could use omniauth-oauth2.
A good tutorial on oauth2: https://www.youtube.com/watch?v=zTsyeMV-N0c
Rails specific implementation: https://www.youtube.com/watch?v=L1B_HpCW8bs
Cheers!
I have a rails app that stores my user information and data using the Sorcery gem, and I would like to have a chrome extension I am working on, authenticate with my rails app.
I cannot seem to find any references to an API in Sorcery which would allow me to authenticate using my user database from an external source.
How do I expose my sorcery-powered rails app as an oauth server, such that I can store a key, which I can attach to my javascript application when I make an AJAX to my api.
Is it possible to do so, and/or what is the best practice for cross-site authentication? Like how should I store the authenticated user information etc?
i don't know if sorcery supports token authentication.
devise does, and it's really simple:
https://github.com/plataformatec/devise/wiki/How-To:-Simple-Token-Authentication-Example
I need to create a new web application along with the REST apis for mobile applications.I am planning to use Authlogic for authentication purpose. I want to know what is the best way to provide authentication for mobile devices? While searching I have found that we can authenticate mobile devices using access token, is their any plugin available for this or is it enough to generate an access token for each users while login/registration and make them to communicate with the web application with that access token in each request.
Using devise gem you can generate authentication tokens.Based on this authentication tokens you can validate the userin mobile apps using REST api.We done this for android apps..
You can use the sub-module Authlogic::ActsAsAuthentic::PersistenceToken.