向 iOS 应用程序公开 Rails/Devise 身份验证 [英] Exposing Rails/Devise Authentication to iOS application

问题描述

我有一个 Rails 3.1 应用程序，它使用 Devise 进行身份验证，并带有一个简单的用户模型，包括电子邮件、密码等.我需要能够从 iphone 应用程序进行身份验证.如何公开此功能?广泛的答案很好，因为我不确定我的选择是什么.

I have a rails 3.1 application that uses Devise for Authentication with a simple User model with email,password etc. I need to be able to authenticate from an iphone application. How do I expose this functionality? Broad answers are fine as I am not sure what my options are.

推荐答案

最快的方法是简单地启用 http_authenticable 并通过 HTTP 基本身份验证传递用户名和密码.虽然这是最简单的方法，但这意味着您必须以明文形式存储用户密码，并将其与您提出的每个请求一起发送.

The fastest way would be to simply enable http_authenticatable and pass the username and password through HTTP Basic Auth. While that's the easiest way, it means you have to store the users password in plaintext and send it along with every request you make.

一个更好的选择是令牌认证，你可以通过参数或 HTTP Basic Auth 传递它(在这种情况下，你可以将密码设置为X"，将令牌设置为用户名).这样做的好处是，您最初可以只使用用户名/密码来获取令牌，然后将其用于任何进一步的身份验证.

A better option is token authentication, you can pass it through parameters or HTTP Basic Auth (in which case you can set the password to "X" and the token to the username). The advantage to this is that you can just use the username/password initially to get the token and then use that for any further authentication.

用最少的代码进行令牌认证的最简单方法是在 Devise 中启用 HTTP 认证并设置一个需要用户登录的新控制器，它所做的只是输出 reset_authentication_token.获得令牌后，您可以将其传递给任何未来的 HTTP 身份验证请求以进行登录.

The simplest way to do token authentication with the minimum amount of code would be to enable HTTP authentication in Devise and setup a new controller that requires the user is logged in and all it does is output the result of reset_authentication_token. Once you have the token you would then pass that to any future HTTP authentication requests to log them in.

这篇关于向 iOS 应用程序公开 Rails/Devise 身份验证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！