Chrome扩展程序+ Devise + Rails应用程序 - 从扩展程序进行身份验证的请求? [英] Chrome Extension + Devise + Rails App - Making authenticated requests from extension?
问题描述
我正在构建一个Chrome扩展,方便直接从浏览器创建联系人,而无需去我的设计供电的rails应用程序本身。联系人#创建需要身份验证,所以我想知道如何从扩展名发送身份验证的请求。
I'm building a chrome extension that facilitates the creation of contacts straight from the browser without needing to go to my devise-powered rails app itself. Contacts#Create requires authentication so I'm wondering how I can do send authenticated requests from the extension.
我已经启用了设计令牌认证,所以我的用户有一个authtoken。我在我的扩展js中写了一个方法,发布到我的rails应用程序的联系人#创建动作。对于测试,我只是硬编码我自己的auth令牌,似乎工作。但如何扩展访问用户的授权令牌?将此令牌存储到Cookie中看起来不正确/安全。
I've enabled devise TokenAuthenticatable and so my users have an authtoken. I've written a method in my extensions js that posts to my rails app's contacts#create action. For testing, I've simply hard coded my own auth token in, which seems to work. But how can the extension access the auth tokens for users? It doesn't seem right/secure to store this token into a cookie.
我想我应该使用chrome.cookies来访问并使用我的应用程序会话信息不知何故。但是我在这里只得到一个sessionID。
I think I'm supposed to use chrome.cookies to access and do something with my app's session info somehow. But I only get a sessionID here.
任何帮助赞赏!
推荐答案
p>虽然不是从chrome扩展,我正在建立类似的东西,从终端工作。我最终绕过了设计,并通过自己的令牌身份验证创建,允许用户访问我需要的一个控制器#动作。这样一来,如果令牌被盗,可以减少损坏。
Although not from a chrome extension, I was building something similar that would work from terminal. I ended up bypassing devise and creating by own token authentication that would allow users to access just the one controller#action I needed. That way you can minimize the damage if the token gets stolen.
所以无论如何,我可以允许用户在rails应用界面中生成(并重新生成)令牌,并使之成为以便扩展在第一次启动时要求令牌。我会将该令牌本身存储在localStorage中。
So anyway, I would allow users to generate (and regenerate) tokens within the rails app interface and make it so that the extension asks for the token on the very first launch. I'd store the token itself in localStorage.
这篇关于Chrome扩展程序+ Devise + Rails应用程序 - 从扩展程序进行身份验证的请求?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
