Omniauth, Devise, Open ID, CanCan - What's what and when do I use which solution for a Rails API app


Question

So I'm developing a Rails app that primarily serves an API, which I want to lock down behind a nice authorization system. I've created Rails apps which render HTML, and for those I used Devise and CanCan. This time I want to serve JSON to my clients. I basically have the following requirements:


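  1. Need an authorization system that's robust

  2. Users should be able to log in with existing apps such as Facebook, Twitter, LinkedIn and Google

  3. There should be full-stack authorization available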

Now this is my 1st app that I'm writing that serves up an API, so I started researching, and so far I've found the following solutions that people have used:


  1. I've seen people use Devise with CanCan

  2. I've seen people talk about using OAuth2
       http://railscasts.com/episodes/353-oauth-with-doorkeeper?autoplay=true

  3. I've heard of ... using Doorkeeper

  4. I've heard of ... using omniauth

So basically my 1 day of research basically just confused me more. When do I use these, and for my requirements which combination would I use? I'm struggling to make sense of the alphabet soup; can someone help me understand this?

Recommended answer

Devise is an authentication engine for Rails apps of all types. Devise allows authentication against username/password, token authentication (good for APIs), and an OAuth provider (such as Google, Facebook and the like). This obviously allows you to deny access to the API unless the user is signed in through one of the services you offer.

CanCan is an authorization system that will work on top of Devise to allow users access to certain parts of your system based on their role within the system. CanCan has a very slick DSL providing `can` and `cannot` methods for allowing or denying access to views or controller actions.

Doorkeeper is an OAuth provider gem if you wanted to roll your own OAuth solution on top of your API. This would be if you wanted your application to act in the same manner as Google or Facebook in providing an OAuth endpoint for users to authenticate against. From what you stated above, I don't think this is the case.

Given the requirements you provided above, I believe that Devise and CanCan would be the route that I would choose. This would allow the user to authenticate at first by username/password, or some oauth provider, then allow token authentication after that to access your API. You can then lock down access to specific actions through CanCan.
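
The layering the answer describes (authenticate the caller by API token first, then authorize the action by role) is sketched below as an added plain-Ruby example; it is not code from the original answer and not Devise's or CanCan's implementation. The `Ability` class is a simplified stand-in that borrows the `can`/`cannot` naming, and the tokens, roles, `USERS` list and `api_status` helper are constructed for illustration.

```ruby
require "digest"

# Constructed sample data: only a SHA-256 digest of each API token is stored.
User = Struct.new(:name, :role, :token_digest)
TOKENS = { reader: "tok-reader", editor: "tok-editor", admin: "tok-admin" }.freeze
USERS = TOKENS.map { |role, tok| User.new(role.to_s, role, Digest::SHA256.hexdigest(tok)) }

# Constant-time comparison so timing does not reveal how much of a digest matched.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Authentication (the layer Devise provides in the answer): who is calling?
def authenticate(users, token)
  return nil if token.nil? || token.empty?
  presented = Digest::SHA256.hexdigest(token)
  users.find { |u| secure_compare(u.token_digest, presented) }
end

# Authorization (the layer CanCan provides): role-based rules, deny by default.
class Ability
  def initialize(user)
    @rules = []
    can :read, :article
    can :manage, :article if %i[editor admin].include?(user.role)
    cannot :destroy, :article unless user.role == :admin
  end

  def can(action, subject)
    @rules << [true, action, subject]
  end

  def cannot(action, subject)
    @rules << [false, action, subject]
  end

  # The most recently defined matching rule wins; no match means denied.
  def can?(action, subject)
    rule = @rules.reverse.find { |_, a, s| s == subject && [action, :manage].include?(a) }
    rule ? rule[0] : false
  end
end

# 401 = not authenticated, 403 = authenticated but not permitted.
def api_status(users, token, action, subject)
  user = authenticate(users, token)
  return 401 unless user
  Ability.new(user).can?(action, subject) ? 200 : 403
end
```

Keeping the two checks separate lets a JSON API return 401 for a missing or unknown token and 403 for a valid token whose role lacks the permission, which also makes the two failure types easy to tell apart in logs.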
