Rails Authentication Across Apps/Servers


Yes, SSO using OAuth is a viable solution, but it's not the simplest one. When building anything new, OAuth 2.0 is the way to go. The OAuth standards cover a lot of ground.

The primary advantage of OAuth is that it allows users to give third-party apps access to their account without disclosing their password to the third party. If you are not seriously providing such interoperability, then OAuth is probably overkill.

Given the complexity, I offer a different pair of solutions:

For Single Sign On

The trick is to share the session ID cookie between hosts within your domain and to use a shared session store (like ActiveRecordStore or a cache-based store).

Every Rails app has a "secret" that is used to sign cookies. In newer Rails apps this is located in /config/initializers/secret_token.rb. Set the same secret token in each application.

Then, configure the session to allow access from all subdomains:

AppName::Application.config.session_store :active_record_store, :key => '_app_name_session', :domain => :all

For Internal API calls

Use a good shared secret to authenticate over HTTPS connections. Pass the secret in the "Authorization" header value.

You can use the shared secret easily with other architectures (like node.js). Just make sure you always use HTTPS, otherwise the shared secret could be sniffed on the network.
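The two mechanisms in this answer, as an added example that is not part of the original answer: (1) why the secret token must be identical in every app, shown with a simplified stand-in for Rails' cookie signing (ActiveSupport::MessageVerifier uses a similar "payload--HMAC" layout; this version is not the real class and uses HMAC-SHA256), and (2) a minimal Rack-style app that checks a shared secret in the "Authorization" header in constant time and refuses plain HTTP. The class names, the session id, the tokens and the request environment are all constructed for the example.

```ruby
require "openssl"
require "base64"
require "digest"

# Constant-time comparison: hash both sides first so length differences do not
# leak, then XOR byte by byte. Same purpose as Rack::Utils.secure_compare.
def secure_compare(a, b)
  da = Digest::SHA256.digest(a.to_s)
  db = Digest::SHA256.digest(b.to_s)
  da.bytes.zip(db.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Simplified, hypothetical stand-in for Rails cookie signing: the cookie value
# is "base64(session_id)--hex_hmac". Each app builds one with its secret_token.
class CookieVerifier
  def initialize(secret)
    @secret = secret
  end

  def generate(session_id)
    data = Base64.strict_encode64(session_id)
    "#{data}--#{digest(data)}"
  end

  # Returns the session id, or nil when the signature does not match
  # (other app configured with a different secret, or a tampered cookie).
  def verify(cookie)
    data, sig = cookie.to_s.split("--", 2)
    return nil if data.nil? || sig.nil?
    return nil unless secure_compare(digest(data), sig)
    Base64.strict_decode64(data)
  rescue ArgumentError
    nil
  end

  private

  def digest(data)
    OpenSSL::HMAC.hexdigest("SHA256", @secret, data)
  end
end

# Minimal Rack-style app (an object responding to call(env)) guarding an
# internal API with "Authorization: Bearer <shared secret>" over HTTPS only.
class InternalApi
  def initialize(shared_secret)
    @shared_secret = shared_secret
  end

  def call(env)
    # rack.url_scheme is the Rack spec key for the request scheme.
    unless env["rack.url_scheme"] == "https"
      return [403, { "Content-Type" => "text/plain" }, ["https required"]]
    end
    scheme, token = env["HTTP_AUTHORIZATION"].to_s.split(" ", 2)
    unless scheme == "Bearer" && secure_compare(token, @shared_secret)
      return [401, { "Content-Type" => "text/plain" }, ["unauthorized"]]
    end
    [200, { "Content-Type" => "application/json" }, ['{"ok":true}']]
  end
end

# Constructed sample values (not real secrets).
SHARED_TOKEN = "0123456789abcdef0123456789abcdef0123456789abcdef"
API_SECRET   = "fedcba9876543210fedcba9876543210"

# Two apps sharing one secret_token accept each other's cookie; a third app
# with a different secret, or a tampered cookie, yields nil.
def sso_demo
  app_a = CookieVerifier.new(SHARED_TOKEN)
  app_b = CookieVerifier.new(SHARED_TOKEN)
  app_c = CookieVerifier.new("some-other-secret")
  cookie = app_a.generate("2b9e0c4f")
  {
    same_secret:  app_b.verify(cookie),
    other_secret: app_c.verify(cookie),
    tampered:     app_b.verify(cookie.sub("--", "x--"))
  }
end

# Builds a minimal Rack env and returns the status the internal API responds with.
def api_status(scheme, authorization)
  env = { "rack.url_scheme" => scheme, "HTTP_AUTHORIZATION" => authorization }
  InternalApi.new(API_SECRET).call(env).first
end

if __FILE__ == $PROGRAM_NAME
  p sso_demo
  p api_status("https", "Bearer #{API_SECRET}")
  p api_status("http", "Bearer #{API_SECRET}")
end
```

The HTTPS check is the point of the last sentence of the answer: with a static bearer secret, anything that can read the wire can replay it, so the app should reject requests that did not arrive over TLS rather than trust the deployment to get it right.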

Rails App with Devise Based Authentication on Multiple Servers - Sign in issue

The issue here was not related to the Devise gem. It was that the MySQL database, which is in master-master replication mode, did not replicate the data correctly. The session ID was being saved in one DB server but not the other. Hence removing one app server worked.

The remedy was to reconfigure the database servers to act in master-master mode.

How to make common authentication between 2 server - Rails & Django

I honestly believe that attempting to combine these two web platforms is not the best idea. You can read feedback from a similar question here, but basically attempting to combine rails with Django will lead you down a serious rabbit hole where both Rails and Django are going to be expecting to handle the authentication. You can potentially use a different, more simple Python framework, but I think you can potentially achieve the same overall goal with a single Rails application.

If project specifications require Django, then you can potentially try the latter option of username & password to do a database read, and then manually create a JWT functionality. I think it would be really really difficult though to use many of the built in, or even open source solutions, that Django provides, which is why Django could be overkill.
