I am trying to implement a facebook user authentication in my iOS6 App through my Rails Backend running with Devise using omniauth. I am looking for a step by step guide how to setup my API and Devise + Authentication.
I only have a only have a rough knowledge about how to do that.
(on App) check if the user signs in on his facebook on iPhone
iPhone is authenticated client sided on Facebook. FB passes me his mobile auth token
I send my auth token or auth hash to my rails backend via API RESTful SSL.
Rails receives the Token and checks if it is valid. ( What command uses the least traffic against FB Graph API? with Koala Gem)
If valid. Check if the user already exists. If not, create a new user.
Create a new session.
Is this correct?
Are there any good examples?
Thank you very much.
I'm not familiar with the iPhone piece, but your approach after that is generally accurate. The only exception is that you would typically use provider + uid to find or create a user, rather than a token. That might be what you meant by your #5, but it wasn't clear to me.
Beyond that, there is a good (paid) Railscast on the subject of Omniauth + Devise, which would probably be worth the price for you:
http://railscasts.com/episodes/235-devise-and-omniauth-revised
It covers how you can receive and handle the auth hash, and it gives you a nice starting point for what your methods will look like.
if you don't access to pro episodes i have some links to help.
http://jessewolgamott.com/blog/2012/01/19/the-one-with-a-json-api-login-using-devise/
you can also look into it
http://net.tutsplus.com/tutorials/ruby/how-to-use-omniauth-to-authenticate-your-users/
Nice and easy to code
http://blog.joshsoftware.com/2010/12/16/multiple-applications-with-devise-omniauth-and-single-sign-on/
I hope these will work for you :)
http://www.orhancanceylan.com/rails-twitter-and-facebook-authentications-with-omniauth-and-devise/
Related
I'm building an iOS app with Rails on the back-end.
The Rails application uses Devise for authentication and I want to use the same service for the authentication on the iOS app. Is there any way that after authenticating, keeping the session even after the app restarts, so that it goes straight to the content of the app instead of the login screen?
I've looked around, but haven't found a clear answer.
Thanks on advance!
One solution could be to extend the existing devise models and controllers to also handle a token based authentication system. Based on the request type html or json, the app can choose to authenticate a user either by the authentication token and email or a combination of username/email and password.
The authentication token could could be saved on the client side and reset only when the user logs out.
I was recently working on the same problem and found these sources to be extremely useful.
https://gist.github.com/josevalim/fb706b1e933ef01e4fb6
http://www.soryy.com/blog/2014/apis-with-devise/
https://github.com/lynndylanhurley/devise_token_auth
I am currently developing an app that will use the FB SDK (for the first time) to log a user into the app. The flow is typical, I assume. User taps "log in with facebook", facebook graph authenticates, then we do a call to our api and log the user in via their facebook email (only) we have on file.
However, whats freaking me out here is, theoretically if some knew our api_token, and knew that calling a POST to a login url with only a valid existing email to log them in, isn't that a security issue since they could actually log in as someone else. Am I over thinking this? Understandably, they'd have to know every aspect of the api to do any damage. But still, I'm not feeling comfortable with this flow. Am I missing something?
This shouldn't be something you have to worry about. Facebook first protects you by having the requirement for the user to be logged into Facebook. Next, the user's UID(readily available to anyone) and your API Key isn't enough. They'd still need your API Secret Key (which if someone has is a bad thing) to sign requests as you.
What you're really using is OAuth (though Devise, through OmniAuth). I'm not an expert but you can read more here: http://hueniverse.com/oauth/guide/security/
When a user registers via OAuth, you aren't going to have a password set for them, and that's not a huge deal as they have to also first log into Facebook. It might be a good idea though to ask them to set a password if they ever edit their account, that also means they can sign in the old fashion way if they desire/delete Facebook/etc.
I am new Rails developer. Right now, I can let user register in my Rails App. I have database running also.
Todo:
After user register. I will ask permission to access his twitter. And I can access his tweets(including location information in tweets).
About this part, I have no idea how to do now? Can anyone give some links where I should start? I guess first step is I need authentication from twitter right?
Thanks
You are right, first of all you need authentication user from twitter: railscasts. Then you will find all methods there twitter api
in my rails web application I am implementing Facebook connectivity. I want that whenever user updates his/her status on my site his/her facebook status should also be updated. Is there any working rails application for this?
Please help.Thank you.
Have a look at the Koala gem which acts as a client to the Facebook graph API and does exactly what you need.
fb_graph as well also accomplishes what the koala gem does .
Though to update on a user to user basis you'll need to have some sort of login system in place. In that case I'd look at Devise using omniauth to accomplish this.
I use devise + omniauth for authentication and getting the right access token.
I use Koala for updating + reading information.
I'm loving the ease of OmniAuth, but I'm having a hard time connecting the dots on making additional api calls after I receive the token back.
I'll use LinkedIn as an example, but it's not LinkedIn that's the issue, more so my lack of understanding on how to make subsequent calls after I have authenticated.
I can make the request to LinkedIn and authenticate just fine.
Then I get the hash back and it's completely populated.
Now I would like to call LinkedIn back and get my complete profile data or maybe a list of contacts. How do I do this? Will I need the oauth gem after all?
I'd prefer to avoid app specific gems because I will have to make the same requests to twitter and facebook.
Omniauth is designed for authentification only.
Marcel Falliere is right. Omniauth is just for authentication.
You can have a look at this plugin, it could solve your problem.
https://github.com/pengwynn/linkedin
I think I just found out the answer to it.
after completion of oauth process with service provider(fb, twitter) omniauth saves the user. here it passes a hash to the user object and the content of hash are here https://github.com/intridea/omniauth/wiki/Auth-Hash-Schema these credentials part can be used to request further request( infact u will have to save these in your user object).