Sinatra + omniauth + Android, advice sought


Problem description

I'm developing a Sinatra app for which I'd like to use OmniAuth. So far, I have something similar to this for the web app:

http://$c$cbiff.com/omniauth-with-sinatra

I'd like the web app to be usable via Android phones which would use an API, authenticating by means of a token. The development of an API seems to be covered nicely here:

Sinatra - API - Authentication

What is not clear is how I might arrange the login procedure. Presumably it would be along these lines:


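  1. The user chooses which service to use, e.g. Twitter, Facebook &c, by means of an in-app button on the Android device.

  2. The Android app opens a webview to log in to the web app.

  3. A token is somehow created, stored in the web app's database, and returned to the Android app so that it can be stored and used for subsequent API requests.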

I'm not very clear on how point 3 might be managed - does anyone have any suggestions?

Recommended answer

As no-one seems to have any suggestions, here's what I've come up with so far. I don't think it's very good, though.

I've added an API key to the user model, which is created when the user is first authenticated:

class User
  include DataMapper::Resource
  property :id,         Serial, :key => true
  property :uid,        String
  property :name,       String
  property :nickname,   String
  property :created_at, DateTime
  property :api_key,    String, :key => true
end

....


get '/auth/:name/callback' do
  auth = request.env["omniauth.auth"]
  user = User.first_or_create({ :uid => auth["uid"]}, 
                              { :uid => auth["uid"], 
                                :nickname => auth["info"]["nickname"], 
                                :name => auth["info"]["name"],
                                :api_key => SecureRandom.hex(20),
                                :created_at => Time.now })
  session[:user_id] = user.id
  session[:api_key] = user.api_key
  flash[:info] = "Welcome, #{user.name}"
  redirect "/success/#{user.id}/#{user.api_key}"
end

If the authorisation works then the api_key is supplied to the Android app, which will presumably store it on the device somewhere:

get '/success/:id/:api_key', :check => :valid_key? do
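  # User.get returns nil when no row matches the (id, api_key) pair,
  # so guard against nil to answer 401 rather than raise NoMethodError.
  user = User.get(params[:id], params[:api_key])
  if user && user.api_key == params[:api_key]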
    {'api_key' => user.api_key}.to_json 
  else
    error 401
  end
end

All API calls are protected as in the link in my original post:

register do
  def check(name)
    condition do
      error 401 unless send(name) == true
    end
  end
end

helpers do
  def valid_key?
    user = User.first(:api_key => params[:api_key])
    if !user.nil?
      return true
    end
    return false
  end
end

For public use I'll only allow SSL connections to the server. Any suggestions for improvement would be welcome.
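
A variation on the scheme in the answer above, as an added example that is not part of the original post: the key is still generated with SecureRandom.hex(20), but only its SHA-256 digest is stored, and the client sends the key in an Authorization header instead of the URL path, so it stays out of server logs and redirect URLs. The TokenStore class and its in-memory Hash are hypothetical stand-ins for the User model and database.

```ruby
require 'securerandom'
require 'digest'

# Hypothetical in-memory stand-in for the users table; a real app would
# keep the digest in a column of the User model instead of the raw key.
class TokenStore
  TOKEN_FORMAT = /\A[0-9a-f]{40}\z/ # shape of SecureRandom.hex(20)

  def initialize
    @user_by_digest = {}
  end

  # Issue a fresh key for a user, replacing any earlier one.
  # Only the SHA-256 digest is kept; the raw key is returned once.
  def issue(user_id)
    revoke(user_id)
    token = SecureRandom.hex(20)
    @user_by_digest[digest(token)] = user_id
    token
  end

  # Drop every key belonging to the user (logout, lost phone).
  def revoke(user_id)
    @user_by_digest.delete_if { |_, id| id == user_id }
  end

  # Resolve an "Authorization: Bearer <key>" header value to a user id,
  # or nil when the header is missing, malformed or unknown.
  def authenticate(header)
    scheme, token = header.to_s.split(' ', 2)
    return nil unless scheme && scheme.casecmp('bearer').zero?
    return nil unless TOKEN_FORMAT.match?(token.to_s)
    @user_by_digest[digest(token)]
  end

  private

  def digest(token)
    Digest::SHA256.hexdigest(token)
  end
end

# Constructed walk-through: issue a key, rotate it, check both.
store      = TokenStore.new
first_key  = store.issue(42)
second_key = store.issue(42) # rotation invalidates first_key
puts store.authenticate("Bearer #{first_key}").inspect
puts store.authenticate("Bearer #{second_key}").inspect
```

In a Sinatra route the header value would come from request.env["HTTP_AUTHORIZATION"].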
