制定API认证 [英] Devise API authentication

问题描述

我工作的一个Rails Web应用程序，还提供了基于JSON API，用于移动设备。移动客户端有望首先获得一个令牌（电子邮件/通），则客户端将与令牌后续API调用。

I am working on a rails web application that also provides JSON based API for mobile devices . mobile clients are expected to first obtain a token with (email/pass), then clients will make subsequential API calls with the token.

我是pretty新设计，我要寻找一个设计API看起来像认证（电子邮件，传递），并希望它返回真/假，然后根据我要么创建和手背令牌或返回一个下降的消息。但似乎设计并没有提供这样的事情。

I am pretty new to Devise, and I am looking for a Devise API look like "authenticate(email, pass) and expect it to return true/false, then based on that I will either create and hand back the token or return a decline message. but seems Devise doesn't provide something like this.

据我所知，制定1.3提供基于JSON权威性，但这是从什么，我需要一个有点不同 - 我需要生成令牌和处理回客户端，那么以后AUTH使用令牌，而不是做

I am aware that Devise 1.3 provides JSON based auth, but that's a bit different from what I need - I need to generate token and handle back to client, then after that auth is done using the token instead.

有人可以请给一些指点？

Can someone please give some pointers?

推荐答案

有一个名为有一项配置：token_authenticatable 。所以，如果你添加到色器件的方法在你的用户，然后就可以在你的API中只是通过调用验证

There is a devise configuration called :token_authenticatable. So if you add that to the devise method in your "user", then you can authenticate in your API just by calling

"/api/v1/recipes?qs=sweet&auth_token=[@user.auth_token]"

您可能会想这在你的用户，以及：

You'll probably want this in your user as well:

before_save :ensure_authentication_token

更新（符合API授权code）

UPDATE (with API authorization code)

您正在寻找的方法是：

resource = User.find_for_database_authentication(:login=>params[:user_login][:login])
resource.valid_password?(params[:user_login][:password])

这是我的精神与色器件

这篇关于制定API认证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！