ruby on Rails Rest Api + oAuth - ruby-on-rails

hello dear developers!
what are benefits of using rest api + oAuth in Rails 3 ?
where I can find a code examples of authentication (server + client)
Maybe I should use some different authenication ?
The main Idea is that clients can buy goods via restfull queries and I should
provide the highest level of reliability

Not a direct answer but a slight "redirect": Check out the omniauth gem.
Home: https://github.com/intridea/omniauth
A fork of the main repository, but more up to date right now: https://github.com/benschwarz/omniauth
While I usually don't like gems because they often cause more trouble than benefit authentication code usually does not get better when I write it myself, and this gem is pretty much standard and very widely used.

Related

Rails API authentication for SPA and Client App

I created a Rails API application, that is currently do his job awesomely, but I realized that is missing the most important part, a login from the React application and at the same time the authentication from a python application I developed that should consume those API as well.
Now, looking at the various offering, seems all fuzzy, at least from my prospective and I would like to have an advice that is not from 2016 or before but that is actual today.
Many solutions on the net, was getting dirty the main ApplicationController, that didn't make sense to me.
So I thought that a 'modern' way or let's say, 'a way' is to use doorkeep and devise.
I thought about Doorkeep because allow me to have the 'Applications' therefore I can delegate to applications the authentication in the proper way while using the JWT for the SPA application, but honestly I don't know from where to start deciding :)
I wanted to share here also the link of a blog post that inspired this question: https://www.vic-l.com/jwt-with-refresh-token-using-devise-and-doorkeeper-without-authorization/
Sadly something I found still, without an answer, at the moment, is Setting up DoorKeeper with multiple Rails/React applications?
Now, I can use doorkeeper to manage the JWT for the SPA and the applications for the client in Python ?
Thanks in advance!

How to implement OAuth2 in Jersey?

I developed a JAX-RS project. I used Jersey for it. I'm trying to figure out what's the best solution for authentication, since my API will be consumed through a web and a mobile application.
OAuth2 seams to be the best solution for the case.
Does anyone know a good and easy to follow example on the subject?
Please try srb4j, a simple RESTFul backend for Java, with out-of-box, oauth2-based authentication.
Its tech stack is: Jersey2 + Spring + MyBatis + MySQL. Since it's an open source project, you can replace MyBatis/MySQL with the persistence frameworks and DBs you like.
It's "easy" enough, since you can set up the project in a few minutes.

Rails 3. Building an oauth2 provider

I am developing an API in Ruby on Rails 3 and I would like to secure it with Oauth2.
In other words, I need to create an Oauth provider. Is there a working gem for Rails 3 out there or perhaps a tutorial on the issue?
UPDATE
I know Rails are REST based so I find it very strange that there are no tutorials on how to create a public API and secure it. Does anyone know of any good tutorials. Preferable with oAuth.
Thankful for all help!!
Check out this gem https://github.com/applicake/doorkeeper
It is for Rails 3, the development it's early stages though.
There's also an example app that you take a look and see how the API is done.
http://doorkeeper-provider.herokuapp.com/
I've opensourced an OAuth2 server implementation yesterday.
It's well documented and there is a dashboard to control accesses. Right now I'm searching for somebody who wants to build an engine starting from it, or something cool on top of rack. That's why it is open-source.
https://github.com/intridea/oauth2 is the canonical gem right now for OAuth2 dev. If you are looking for a more complete solution, instead of rolling your own provider code, check out:
https://github.com/songkick/oauth2-provider
https://github.com/freerange/oauth2-provider
But I suggest messing around with the oauth2 gem if you aren't very familiar with the flow so that you can learn it better.
If you are using (or planning to use) devise for authentication, you can use https://github.com/socialcast/devise_oauth2_providable as plugin.
I'm developing a rugygem for OAuth2 provider, Rack::OAuth2.
https://github.com/nov/rack-oauth2
It requires to develop models (token, code, client etc) by yourself, but you can get a whole Rails3 sample OAuth2 server here.
https://github.com/nov/rack-oauth2-sample
I'm looking to implement an OAuth2 provider, too! I'm currently experimenting with this https://github.com/assaf/rack-oauth2-server, which seems to be a full-featured OAuth2 server, though it still supports only MongoDB, although implementing support for other DBMS seems simple enough. I am also looking at some of the other options posted here, lots of promising stuff!
"Doorkeeper is a gem that makes it easy to introduce OAuth 2 provider functionality to your application."
https://github.com/applicake/doorkeeper

Rails two-legged OAuth provider?

I have a rails 2.3.5 application with an API I wish to protect.
There is no user - it is an app to app style webservice (more like an Amazon service than facebook), and so I would like to implement it using a two-legged OAuth approach.
I have been trying to use the oauth-plugin server implementation as a start:
http://github.com/pelle/oauth-plugin
...but it is built expecting three-legged (web redirect flow) oauth.
Before I dig deeper into making changes to it to support two-legged, I wanted to see if there was an easier way, or if someone had a better approach for a rails app to implement being a two-legged OAuth provider.
Previously, the only good answer was to hack about in the oauth-plugin to get this subset of the oauth interaction. Since then, the oauth-plugin was refactored, and now you can use it straight up, just by adding the right type of authentication filter to your controller:
class ApiController < ApplicationController
include OAuth::Controllers::ApplicationControllerMethods
oauthenticate :strategies => :two_legged, :interactive => false
# ...
end
I'm not aware of any alternatives to oauth-plugin at the moment, though it is definitely getting long in the tooth and ripe for a replacement. My recommendation is to generate the oauth server from oauth-plugin, then extract the dependencies from the plugin (which are just a couple modules worth of methods) and trash the plugin. Then tweak everything to your needs. 2-legged oauth should not be a big problem since it is simpler than 3-legged anyway, and my feeling is that oauth-plugin is not usable these days without significant modifications anyway.
The meat of OAuth has long been extracted into the base oauth gem anyway, so the oauth-plugin is sort of in limbo. The architecture makes some heavy-handed assumptions about what authentication system you are using, and the generated code is dated. So to me, oauth-plugin serves more as an example of how to wire everything up rather than something that most sites would want to use out of the box.

Login/Register in Ruby on Rails?

Im starting to learn RoR and i want to make my personal blog in this language. I usually code a couple of prototypes on top of whatever im doing in my blog. So i would like people to be able to log in, and register with their openID. So i was about to jump to the coding place when i realized the concept of gems and all that stuff is giving you tools for this kind of things.
So is there some kind of package to manage users, profiles and openId?
check out technoweeni's restful-authentication plugin
I'd advise you to look at bort as a complete RoR skeletton app with RESTful auth builtin, one of its fork here or at AuthLogic a less intrusive auth solution for Rails (and Merb and some others).
Take a look at the bort skeleton app. It has restful auth and openid authentication already setup among other things.
Railscasts also has a number of screencasts about setting up authentication, restful authentication and OpenID.
One thing you want to be aware of to avoid hours of headache: the Ruby OpenID library changed substantially with OpenID 2.0, so if you're using a plugin or example code from a blog, be sure you're using the version of OpenID to which it corresponds.
There are several plugins; one with lot of activity is open_id_authentication.
Dan Webb has a good guide to OpenID authentication in Rails that walks you through writing the actual code, but note that, at least last I checked, it hadn't been updated for OpenID 2.0.

Resources