设计 API 认证 [英] Devise API authentication

问题描述

我正在开发一个 Rails Web 应用程序，该应用程序还为移动设备提供基于 JSON 的 API.移动客户端应该首先使用(email/pass)获取令牌，然后客户端将使用该令牌进行后续 API 调用.

I am working on a rails web application that also provides JSON based API for mobile devices . mobile clients are expected to first obtain a token with (email/pass), then clients will make subsequential API calls with the token.

我对 Devise 很陌生，我正在寻找一个类似于 authenticate(email, pass) 的 Devise API，并希望它返回真/假，然后基于此我要么创建并交回令牌或返回拒绝消息.但似乎 Devise 没有提供这样的东西.

I am pretty new to Devise, and I am looking for a Devise API look like authenticate(email, pass) and expect it to return true/false, then based on that I will either create and hand back the token or return a decline message. but seems Devise doesn't provide something like this.

我知道 Devise 1.3 提供基于 JSON 的身份验证，但这与我需要的有点不同 - 我需要生成令牌并处理回客户端，然后在使用令牌完成身份验证之后.

I am aware that Devise 1.3 provides JSON based auth, but that's a bit different from what I need - I need to generate token and handle back to client, then after that auth is done using the token instead.

有人可以指点一下吗?

推荐答案

有一个名为 :token_authenticable 的设计配置.因此，如果您将其添加到用户"中的设计方法中，那么您只需调用

There is a devise configuration called :token_authenticatable. So if you add that to the devise method in your "user", then you can authenticate in your API just by calling

"/api/v1/recipes?qs=sweet&auth_token=[@user.auth_token]"

您可能也希望在您的用户中使用此功能:

You'll probably want this in your user as well:

before_save :ensure_authentication_token

更新(带API授权码)

您正在寻找的方法是:

resource = User.find_for_database_authentication(:login=>params[:user_login][:login])
resource.valid_password?(params[:user_login][:password])

这里是我的 gist 和带有设计的完整 JSON/API 登录

这篇关于设计 API 认证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！