开发者

Devise API authentication [closed]

Closed. This question is seeking recommendations for books, tools, software libraries, and more. It does not meet Stack Overflow guidelines. It is not currently accepting answers.

We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.

Closed 5 years ago.

开发者_JAVA技巧 Improve this question

I am working on a rails web application that also provides JSON based API for mobile devices . mobile clients are expected to first obtain a token with (email/pass), then clients will make subsequential API calls with the token.

I am pretty new to Devise, and I am looking for a Devise API look like authenticate(email, pass) and expect it to return true/false, then based on that I will either create and hand back the token or return a decline message. but seems Devise doesn't provide something like this.

I am aware that Devise 1.3 provides JSON based auth, but that's a bit different from what I need - I need to generate token and handle back to client, then after that auth is done using the token instead.

Can someone please give some pointers?


There is a devise configuration called :token_authenticatable. So if you add that to the devise method in your "user", then you can authenticate in your API just by calling

"/api/v1/recipes?qs=sweet&auth_token=[@user.auth_token]"

You'll probably want this in your user as well:

before_save :ensure_authentication_token

UPDATE (with API authorization code)

The method you're looking for are:

resource = User.find_for_database_authentication(:login=>params[:user_login][:login])
resource.valid_password?(params[:user_login][:password])

here's my gist with a full scale JSON/API login with devise


I would recommend reading through the Devise Wiki, as Devise natively supports token authentication as one of it's modules. I have not personally worked with token authentication in Devise, but Brandon Martin has an example token authentication example here.


Devise is based on Warden, an authentification middleware for Rack.

If you need to implement your own (alternative) way to authenticate a user, you should have a look at Warden in combination with the strategies that ship with Devise: https://github.com/plataformatec/devise/tree/master/lib/devise/strategies


If token auth just isn't what you want to do, you can also return a cookie and have the client include the cookie in the request header. It works very similar to the web sessions controller.

In an API sessions controller

class Api::V1::SessionsController < Devise::SessionsController

  skip_before_action :authenticate_user!
  skip_before_action :verify_authenticity_token

  def create
    warden.authenticate!(:scope => :user)
    render :json => current_user
  end

end

In Routes

namespace :api, :defaults => { :format => 'json' } do
  namespace :v1 do
    resource :account, :only => :show
    devise_scope :user do
      post :sessions, :to => 'sessions#create'
      delete :session, :to => 'sessions#destroy'
    end
  end
end

Then you can do this sort of thing (examples are using HTTPie)

http -f POST localhost:3000/api/v1/sessions user[email]=user@email.com user[password]=passw0rd

The response headers will have a session in the Set-Cookie header. Put the value of this in subsequent requests.

http localhost:3000/api/v1/restricted_things/1 'Cookie:_my_site_session=<sessionstring>; path=/; HttpOnly'
0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜