I am developing Rails application, in which I need to authorize users from other site written on PHP.
The APIs of PHP site written by its developer are custom i.e. they are not OmniAuth or similar.
I wonder, if there is elegant way to somehow integrate my code sending/receiving JSON responses to/from PHP site into Devise, so it could work like I am doing authentication of users in usual Devise way from my app.
Thanks.
Here is the link to official answer, I got from Devise maintainers: https://groups.google.com/d/msg/plataformatec-devise/lB4e0nYiM_U/RPDReqjO67QJ. Which means, the short answer is NO.
Related
I have a project where I want to develop the frontend in Next.js (requests based on fetch API from JS) and the backend in RoR and I am having a hard time to get the User authentication to work. I have researched and found four possible solutions:
Sessions and cookies
JWT
devise_token_auth
devise-jwt
I have tried to implement some of them but i always end up getting a server error on client requests at some point. I would like to know if anyone has any resources where I can get to know more about and learn more about it so I can implement such authentication in my project.
If I could take advantage of devise would be even better, since I already have it setup for ActiveAdmin (wanna use the admin dashboard)
Thanks a lot in advance.
I used to use devise, but have since moved to AWS Cognito which handles everything for you and is customizable as needed. You might look into it.
https://aws.amazon.com/cognito/
I created a Rails API application, that is currently do his job awesomely, but I realized that is missing the most important part, a login from the React application and at the same time the authentication from a python application I developed that should consume those API as well.
Now, looking at the various offering, seems all fuzzy, at least from my prospective and I would like to have an advice that is not from 2016 or before but that is actual today.
Many solutions on the net, was getting dirty the main ApplicationController, that didn't make sense to me.
So I thought that a 'modern' way or let's say, 'a way' is to use doorkeep and devise.
I thought about Doorkeep because allow me to have the 'Applications' therefore I can delegate to applications the authentication in the proper way while using the JWT for the SPA application, but honestly I don't know from where to start deciding :)
I wanted to share here also the link of a blog post that inspired this question: https://www.vic-l.com/jwt-with-refresh-token-using-devise-and-doorkeeper-without-authorization/
Sadly something I found still, without an answer, at the moment, is Setting up DoorKeeper with multiple Rails/React applications?
Now, I can use doorkeeper to manage the JWT for the SPA and the applications for the client in Python ?
Thanks in advance!
I have recently decided to experiment with Angular/Ionic/Phonegap with a Rails API Web Service as backend, to create my first mobile app.
I am from a Rails background and usually use Devise to handle my user authentication/User object to which I assign Roles using Rolify.
Doing some reading, it seems to me that this is not the same methodology that I would have to follow for a mobile app as seen in this question? What I would ideally like to have, is for users to sign in / up using their Facebook accounts, which would create their User record. My web service will then assign the required roles etc.
So my question:
Should I be using Devise/Rolify/Pundit ?
Is there a better/more efficient way to handle this process using this stack?
Thanks
You can use Devise with the omniauth-facebook gem. There are some nice articles out there on how to implement.
Along with this question you should hopefully be able to work it out.
Any backend auth service should really work fine. We use Devise and have found it to work well with angular and ionic. We recently wrote a tutorial on how to set up Ionic with Devise that you might find useful.
Using Ruby on Rails, I've been trying to find best practices for building an authentication API in order to ensure security. Are there guidelines or aspects I should pay attention to?
You should use gems for authentication Devise or AuthLogic. They're quite good, have a lot of functionality and are extendable. Devise has RESTful API. Have a look inside the code.
I need to create a secure sign up/login page for my website. I am coding in Ruby on Rails.
I don't know the first thing about doing this. I can create a simple sign up page, but how do I make sure that it is a secure page? I.e. I want the login/signup page to have a https://... URL (properly signed and whatnot).
What all do I need to do to go about this? Is there some way to make this process as easy as possible in ruby (i.e. is there some gem that allows for HTTPS logins/signups)?
Thanks!
You don't need to implement this yourself. There are a couple of gems to help you do that.
I use Devise, here's a simple howto http://blazingcloud.net/2011/01/08/devise-authentication-in-rails-3/
If you'd like to handle Facebook, twitter, openId and more, I recommend using Omniauth, it works well with devise.
Here is a tutorial to help you get started
https://github.com/plataformatec/devise/wiki/OmniAuth:-Overview
HTTPS is not an issue for your signup page, you'll have to purchase the certificate and run your server appropriately.
Devise is one of many great gems to use for authentication in rails but you should absolutely learn what's going on in the background before you start using one them. You should start with a tutorial on how an authentication system works. Michael Hartl's tutorial is the best IMHO. Good luck!
Sorcery is the easier and more modular option. I totally recommend it over Devise.
https://github.com/NoamB/sorcery
There is a recent Railscast.