为 API 设计的自定义身份验证 [英] custom authentication with devise for an API
问题描述
所以我这里有一个有点棘手的组合
so i have a little tricky combination here
Company has many Users
User belongs to Company
管理用户以使用设备进行身份验证
The User is managed for authentication with devise
class User < ActiveRecord::Base
belongs_to :company
devise :database_authenticatable, :registerable, :recoverable, :rememberable, :trackable, :validatable
您可以以用户身份登录并创建所有属于该公司而非用户的对象,例如:Text
.(company.texts
)
You can login as a User and create Objects that all belong to the Company of that, not to the user, for example: Text
. (company.texts
)
现在我使用 acts_as_api
gem 创建了一个简单的 API.为此,我只需要修改我的文本控制器,例如表演动作.
now i created a simple API using the acts_as_api
gem.
for this i simply have to modify my text-controller, f.e. the show action.
class TextsController < ApplicationController
load_and_authorize_resource
def show
#@text = Text.find(params[:id])
respond_to do |format|
format.html
format.json { render_for_api :texts_all, :json => @text }
end
这在网站上工作得很好.问题是 API.我不想在通过用户模型访问 api 时进行身份验证.该公司确实有一个名为 :hash
的属性,我想将其用于 API 中的身份验证.
this works quite fine on the website.
the problem is the API. i don't want to authenticate when accessing the api via the user model. the company does have a attribute called :hash
which i want to use for Auth in the API.
我不知道如何使用设计(或任何其他方法)来实现这一点.因此,默认情况下,设计希望用户登录,因为我的控制器中的 load_and_authorize_resource
对 html 响应很好,但对 json 响应无效.
i don't have any idea how to achieve this using devise (or any other method).
so by default devise wants a user to be logged in because of load_and_authorize_resource
in my controller which is fine for the html response but not for the json response.
有什么想法吗?
感谢您阅读本文.如果有不清楚的地方请留言!
thanks for reading this. please leave a comment if something is unclear!
推荐答案
只需使用 Token Authenticatable 并随 API 上的每个请求发送令牌.
Just use Token Authenticatable and send the token with each request on your API.
这篇关于为 API 设计的自定义身份验证的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!