Rails API:使用用户名/密码或 Facebook 令牌从本机移动应用程序验证用户 [英] Rails API: Authenticate users from native mobile apps using username/password or facebook token
问题描述
所以我几天来一直在努力弄清楚如何将用户名/密码身份验证添加到我的 rails 移动 API 中.
以下是我当前身份验证流程的简要概述:
用户在移动端客户端选择login with Facebook"重定向到 Facebook 应用并请求 access_token
成功后,Facebook 会使用访问令牌和客户端进行响应重定向回我的应用.
客户端将访问令牌发送到我的 API
我的 API 使用 来验证用户访问令牌.这是通过将以下 before_filter 应用于所有控制器来完成的.
before_filter :current_user在我的 application_helper.rb 中
def current_user@current_user ||= User.authenticate_user_from_facebook(params[:access_token])结尾每次用户向我的 API 发出请求时,koala gem 都会用于检查令牌是否有效,然后处理请求.
我现在要添加的是仅使用用户名和密码的身份验证.
我调查过的事情
我一直在参考 Railscast 235、209、250、82 并阅读 OAuth2.我对身份验证的工作原理有基本的了解,但我无法将其应用于当前的身份验证流程.
设计令牌认证参考 Railscast 235、209 和这篇博文:http://matteomelani.wordpress.com/2011/10/17/authentication-for-移动设备/
我能理解如何登录和验证使用用户名和密码登录的用户.然而,我对这将如何与我的 Facebook 登录流程相结合感到困惑.我不明白如何为已经拥有 Facebook 生成的访问令牌的用户创建带有设计的会话.
OAuth2使我的 API 成为 OAuth2 提供者似乎是一个不错的方法,但重定向到浏览器似乎有点愚蠢,而且我不知道是否可以从浏览器重定向回我的应用程序.
从头开始身份验证这是我正在考虑的选项,但我会重新发明轮子.
感谢您阅读这篇长文!任何建议表示赞赏!
解决方案您可能需要查看 Warden.无论您使用令牌、密码还是 Facebook,Warden 都可以轻松设置和使用不同的身份验证策略.它是基于 Rack 的,所以它也可以在 Rails 之外工作,如果你想在 API 中使用 Grape 之类的东西,这很好.
这是Warden 上的RailsCast.(需要专业版订阅)
So I have been pulling my hair out for a few days now trying to figure out how to add username/password authentication to my rails mobile API.
Here is a brief overview of my current authentication flow:
User selects "login with Facebook" on the mobile client, client redirects to Facebook app and requests access_token
On success, Facebook responds with the access token and the client redirects back to my app.
The client sends the access token to my API
My API uses the koala gem to check if the access token is valid.
If the token is valid, Facebook sends the users data to the API where a new user is created. If the user already exists, my API sends down the users data.
My API handles the access token in step 4 as shown below:
def self.authenticate_user_from_facebook(fb_access_token) user = User.new graph = Koala::Facebook::API.new(fb_access_token) profile = graph.get_object('me') #user['fb_id'] = profile['id'] #user['fb_token'] = fb_access_token # Generate user hash uhash = Hash.new uhash['provider'] = 'facebook' uhash['uid'] = profile['id'] uhash['info'] = Hash.new uhash['info']['nickname'] = profile['username'] uhash['info']['name'] = profile['name'] uhash['info']['email'] = profile['email'] uhash['info']['first_name'] = profile['first_name'] uhash['info']['last_name'] = profile['last_name'] uhash['info']['verified'] = profile['verified'] uhash['info']['urls'] = Hash.new uhash['info']['urls']['Facebook'] = profile['link'] uhash['credentials'] = Hash.new uhash['credentials']['token'] = fb_access_token uhash['extra'] = Hash.new uhash['extra']['raw_info'] = Hash.new #Save the new data user = User.apply_auth(uhash) return user end def self.apply_auth(uhash) User.where(:uid => uhash['uid'], :provider => uhash['provider']).first_or_create do |user| user.provider = uhash['provider'] user.uid = uhash['uid'] user.nickname = uhash['info']['nickname'] user.email = uhash['info']['email'] user.name = uhash['info']['name'] user.first_name = uhash['info']['first_name'] user.last_name = uhash['info']['last_name'] end endOnce the user is created, they can make requests to my API using their access token as shown below:
In step 2 the API is using koala to verify the users access token. This is done by applying the following before_filter to all controllers.
before_filter :current_userand in my application_helper.rb
def current_user @current_user ||= User.authenticate_user_from_facebook(params[:access_token]) endEvery time a user makes a request to my API the koala gem is used to check if the token is valid, then the request is processed.
What I am trying to add now is authentication with only username and password.
Things I have looked into
I have been constantly referring to Railscast 235, 209, 250, 82 and reading up on OAuth2. I have a basic understanding of how authentication works but Im having trouble applying it to my current authentication flow.
Devise Token Authentication Referring to Railscast 235, 209, and this blog post: http://matteomelani.wordpress.com/2011/10/17/authentication-for-mobile-devices/
I can understand how to login and validate a user who logs in with a username and password. However I am confused as to how that will mesh with my Facebook login flow. I do not understand how to create a session with devise for a user who already has an access token generated by Facebook.
OAuth2 Making my API an OAuth2 provider seems like it would be a good way to go, but it seems kind of silly to redirect to a browser, and I don't know if its possible to redirect back from the browser to my app.
Authentication From Scratch This is the option I am thinking of going with but I would be reinventing the wheel.
Thanks for reading this long post! Any advice is appreciated!
解决方案You may want to look into Warden. Warden makes it easy to setup and use different auth strategies whether you use tokens, password or Facebook. It is Rack-based so it also works outside of Rails which is nice if you ever want to use something like Grape for the API.
Here is the RailsCast on Warden. (Pro subscription required)
这篇关于Rails API:使用用户名/密码或 Facebook 令牌从本机移动应用程序验证用户的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
