How to provide authentication for mobile application in Ruby on Rails - ruby-on-rails

I need to create a new web application along with the REST APIs for mobile applications. I am planning to use Authlogic for authentication purposes. I want to know what is the best way to provide authentication for mobile devices? While searching I have found that we can authenticate mobile devices using an access token. Is there any plugin available for this, or is it enough to generate an access token for each user at login/registration and have them communicate with the web application with that access token in each request?

Using the devise gem you can generate authentication tokens. Based on these authentication tokens you can validate the user in mobile apps using a REST API. We did this for Android apps.

You can use the sub-module Authlogic::ActsAsAuthentic::PersistenceToken.

Related

How to configure Rails API to use cookies for web clients and tokens for mobile apps?

I'm developing a Rails app (with Devise) to expose an API to be consumed by both web clients (React SPA) and mobile clients (iOS and Android).
For web clients I'd like to use cookie authentication to avoid the problem of where to securely store the token (I would also use a cookie to pass the CSRF token to the web client).
For mobile apps I'd like to use some kind of token authentication to simplify and avoid the need for cookies and CSRF on those platforms.
I looked briefly at the popular gems devise-token-auth and devise-jwt which add token support to Devise but the documentation for both (see here and here) suggest that cookie auth and token auth won't work within the same controller.
How would you configure a Rails API to use cookies for web clients and tokens for mobile apps?

Using Azure Active Directory to establish Authorization and Authentication for an iOS and web clients?

I am building an iOS application with Swift and this application has a web client that's using Microsoft Azure services. I want to add sign in and login functionality to the application using Microsoft Azure. I am not using any cloud applications or services. I will just have simple forms for signing up and logging in. I want to be able to save user credentials to authenticate and authorize them when they are using the application. I tried reading over their documentation and it seems to me that I need to use Azure Active Directory but I am not clear on that.
I am fairly new to Microsoft Azure. Can anyone clarify to me if I can use it and provide resources on how to do that?
The simplest way to implement that is to use Azure Mobile Apps - it is the backend-as-a-service. You are able to connect your backend with the authentication providers of a choice - Facebook, Azure Active Directory, custom provider, etc. Then, when user will try to authenticate, all of the authentication code will be handled by a cloud platform - user will enter his credentials, these will be sent to the auth provider and if they are valid it will send the auth token that you will be able to use in your app to get his information, etc.
Here is the tutorial for Mobile Apps for iOS.
Or, you may use Azure Active Directory directly as a provider (it will serve as a catalogue of your users). Using that tutorial or the samples from the official library. But I would highly recommend looking at Mobile Apps as it is the fast and simple way to implement what you need.

Best approach for authentication method for native mobile apps

I'm pretty confused on what authentication method to use for my android/ios app.
I'm trying to create login for user and maintain session on the app. If token based authentication is used for session, then it should have expiry time.
Shall I go ahead with ApiAuth token based authentication or Json Web Token authentication for my native apps. Please help me to choose.
From my experience, we have a substantially complex Rails API which is consumed by both iOS and Android client apps. We use JWT for authentication and it's working pretty well. There is a jwt ruby gem as well. It's easy to have expiry time using JWT. This is also one of the most popular choices of its kind, so I think you can definitely give this a shot.
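What issuing and checking a JWT with an expiry time involves, as an added example that is not part of the original answer. It uses only Ruby's standard library (HMAC-SHA256 via OpenSSL) rather than the jwt gem the answer mentions; the helper names and the demo secret are constructed for illustration.

```ruby
require "openssl"
require "base64"
require "json"

# Constructed demo key; a real deployment loads its key from configuration.
DEMO_SECRET = "constructed-demo-secret-not-for-production"
HEADER = { "alg" => "HS256", "typ" => "JWT" }.freeze

def b64(data)
  Base64.urlsafe_encode64(data, padding: false)
end

def sign(input, secret)
  OpenSSL::HMAC.digest(OpenSSL::Digest.new("SHA256"), secret, input)
end

# Compare two byte strings without stopping at the first differing byte.
def constant_time_eq?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Issue a token for user_id that expires ttl seconds after now.
def issue_jwt(user_id, secret, ttl:, now: Time.now)
  claims = { "sub" => user_id.to_s, "iat" => now.to_i, "exp" => now.to_i + ttl }
  input = "#{b64(JSON.generate(HEADER))}.#{b64(JSON.generate(claims))}"
  "#{input}.#{b64(sign(input, secret))}"
end

# Returns the claims hash, or nil for any malformed, forged or expired token.
def verify_jwt(token, secret, now: Time.now)
  parts = token.to_s.split(".", -1)
  return nil unless parts.length == 3
  header = JSON.parse(Base64.urlsafe_decode64(parts[0]))
  # Accept only the algorithm this server issues; never trust the header's choice.
  return nil unless header.is_a?(Hash) && header["alg"] == "HS256"
  input = "#{parts[0]}.#{parts[1]}"
  return nil unless constant_time_eq?(Base64.urlsafe_decode64(parts[2]), sign(input, secret))
  # Claims are parsed only after the signature has been verified.
  claims = JSON.parse(Base64.urlsafe_decode64(parts[1]))
  return nil unless claims.is_a?(Hash) && claims["exp"].is_a?(Integer) && now.to_i < claims["exp"]
  claims
rescue ArgumentError, JSON::ParserError
  nil
end
```

A token without an `exp` claim is rejected here, so a client cannot hold a session that never expires.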

How to handle both token based and cookie based authentication on Devise

I am building a mobile app that authenticates to a rails server using token authentication. I am using Devise for authentication and have figured out a way to make it work on mobile. But I also have a web app. The web app is not consuming json API but it's just a regular rails web app.
Now the problem is I want to be able to use token based authentication for mobile, but at the same time allow users to sign in via web interface.
How can I make this work?

Is it possible to use facebook oauth to secure my json API?

I'm developing a mobile app that will interact with a rails app that's essentially a json api. Is it possible to use an external identity provider such as facebook or googleplus to secure the access to my API?
Users will upload a photo to a json rest service but the rails app would only allow the upload if the user is authenticated with one of those providers.
I've checked omniauth gem but I don't know if that's the path to do it. I don't understand very well how oauth works so I'm trying to know if this would be possible to do.
Regards
Fak
The answer, in part, depends on how you're going to provide Identity via the mobile app. The user's authentication, and their identity are de-coupled.
My guess is you're wanting the user to authenticate to the mobile app using the Google/Facebook sdk app side. To do so, you'll need to use that sdk to generate a token, which can then be saved to Rails. The token can then be required as part of each API request - which rails will validate.
The topic is a bit complex to fully describe the flow... but in essence: 1) Create the token on the mobile app using the mobile sdk, 2) save the user and token to Rails/database, 3) as part of every request check the access_token provided.
Since the topic of OAuth and request/identity providers takes some time to understand, I would first watch the following railscasts on securing an API. Once you're done with that one (and understand the concept), you can also watch this railscast.
Hope this helps.
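The save-the-token, check-it-on-every-request flow from the answer above (also the per-user access token scheme asked about in the first question on this page), as an added example that is not part of the original posts. It assumes the Rails side mints its own random token once sign-in has succeeded; `TokenStore`, its in-memory hash (standing in for a database table) and the 30-day lifetime are hypothetical.

```ruby
require "securerandom"
require "digest"

# Hypothetical in-memory stand-in for a Rails model/table of API tokens.
class TokenStore
  TTL = 30 * 24 * 3600 # assumed token lifetime, in seconds

  def initialize
    @rows = {} # SHA-256 digest of token => { user_id:, expires_at: }
  end

  # After sign-in has succeeded: mint a random token, persist only its
  # digest, and hand the raw value to the mobile client exactly once.
  def issue(user_id, now: Time.now)
    raw = SecureRandom.urlsafe_base64(32)
    @rows[digest(raw)] = { user_id: user_id, expires_at: now + TTL }
    raw
  end

  # On every request: takes the Authorization header value and returns the
  # user id, or nil if the header is missing, malformed, unknown or expired.
  def authenticate(authorization_header, now: Time.now)
    raw = authorization_header.to_s[/\ABearer ([A-Za-z0-9_\-]+)\z/, 1]
    return nil unless raw
    row = @rows[digest(raw)]
    return nil unless row
    if row[:expires_at] <= now
      @rows.delete(digest(raw)) # expired tokens are purged on sight
      return nil
    end
    row[:user_id]
  end

  # Logout or lost device: returns true if a token was actually removed.
  def revoke(raw)
    !@rows.delete(digest(raw.to_s)).nil?
  end

  private

  # Lookup is by digest, so a leaked table does not reveal usable tokens.
  def digest(raw)
    Digest::SHA256.hexdigest(raw)
  end
end
```

In a Rails controller the `authenticate` call would sit in a `before_action` that responds with 401 when it returns nil.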
