Start Using Ruby on Rails, Web Services and Oauth

Assuming you get to decide what kind of Web Service you want, and a RESTful XML Web Service is an acceptable choice, then Rails applications practically do this by default. When you generate scaffolding code, your controller will actually be ready to interface with as a RESTful Web Service.

Of course, that's not everything you need to know and do, but the subject seems to be covered very well by the following series of articles...

  1. http://css.dzone.com/news/rest-with-rails-part-1
  2. http://css.dzone.com/news/rest-with-rails-part-2-serving
  3. http://css.dzone.com/news/rest-with-rails-part-iii-using

Unfortunately, there seem to be some JavaScript errors on those pages, but they're still usable.

I know this doesn't answer the OAuth part of your question, but this article ( http://stakeventures.com/articles/2009/07/21/consuming-oauth-intelligently-in-rails ) appears to have some useful information on that subject. Note that the info here is slightly out of date if you'll be using Rails 3 because you'll want to list the gems in your Gemfile and run bundle install rather than adding config.gem ... lines to your environment.rb file.

Can't setup simple OAuth2 between Google and toy website using Ruby on Rails, Devise, Omniauth

For anyone stumbling upon the same issue, I solved it by adding the following gem to the project, after trying tons of fixes I found online:
gem "omniauth-rails_csrf_protection"
Why? No clear idea. Answers with more explanation would be very welcome.

Should I use OAuth/OAuth2 for SOA type web services?

OAuth might be overkill if you are only using it internally. However, since your implementation would just be a reference design and you expect 3rd parties to connect, it seems a good decision to rely on a standard.

As Ruby implementations go, you probably want to look at the oauth-plugin (on the Rails side) and oauth2 (client) gems.

How do I build a web app and API together for a service that mostly relies on authenticated requests?

I can tell you what I'm doing right now in my project:

  1. Rails API (JSON); you can use rails api gem, grape or full rails framework.
  2. Single page web app using AngularJs (it can be anything else you feel comfortable with, like backbone, emberjs, etc.)

How I'm authenticating the user:

  1. The user posts to /login with username and password
  2. The Rails part authenticates the user (by the username and password), creates an access token (persist it in a table, with expiration time, for example, 30 mins) and returns it to the user.
  3. Each request from the client side (angularjs part) is passed with a Token authentication header like so: Authorization: Token token=[the token goes here]
  4. The Rails API uses the token to get the associated user
  5. If the token has expired or is invalid, it returns 401 (unauthorized); once the AngularJS part intercepts a 401 it redirects the user to the login page.
  6. If the request is authenticated, the expiration time is reset to 'now' so the 30 mins I'm talking about acts like 30 mins of inactivity

You can do a lot more with the access token - you can do roles, like Admin, User, etc. and limit the user's access to resources.
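The token lifecycle from steps 2 to 6 above in plain Ruby, as an added example that is not the answerer's code. TokenStore, its in-memory hash (standing in for the token table), the injected clock and the choice to store only a SHA-256 digest of each token are assumptions of this example.

```ruby
require "securerandom"
require "digest"

# Added illustration: in-memory stand-in for the access-token table.
class TokenStore
  TTL = 30 * 60 # seconds of allowed inactivity (the answer's 30 mins)

  # clock is injectable so expiry can be exercised without sleeping.
  def initialize(clock: -> { Time.now })
    @clock = clock
    @rows = {} # SHA-256(token) => { user_id:, expires_at: }
  end

  # Step 2: called after the username/password check has succeeded.
  # Only the digest is kept, so a leaked table does not yield usable tokens.
  def issue(user_id)
    token = SecureRandom.urlsafe_base64(32)
    @rows[digest(token)] = { user_id: user_id, expires_at: @clock.call + TTL }
    token
  end

  # Steps 3-6: takes the raw Authorization header, returns [status, user_id].
  # Missing, malformed, unknown and expired tokens all get the same 401.
  def authenticate(authorization_header)
    token = authorization_header.to_s[/\AToken token="?([A-Za-z0-9_\-]+)"?\z/, 1]
    return [401, nil] unless token

    key = digest(token)
    row = @rows[key]
    return [401, nil] unless row

    if row[:expires_at] <= @clock.call
      @rows.delete(key) # an expired token is removed, never revived
      return [401, nil]
    end
    row[:expires_at] = @clock.call + TTL # step 6: sliding inactivity window
    [200, row[:user_id]]
  end

  # Logout: invalidate the token server-side instead of waiting for expiry.
  def revoke(token)
    !@rows.delete(digest(token)).nil?
  end

  private

  def digest(token)
    Digest::SHA256.hexdigest(token)
  end
end
```

A sliding window alone lets a continuously used token live indefinitely; an absolute maximum lifetime per token is a common addition.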

Using yahoo api with Oauth ruby

Have you seen YDN's Ruby Developer Center: http://developer.yahoo.com/ruby/

omniauth vs. oauth-plugin

Omniauth is a mega-authorization gem, giving you access to the OAuth processes for a whole list of web services (Twitter, Facebook, Foursquare, Gowalla, Netflix, YouTube, etc, etc), so you can call specific functions for each service and get it set up quickly.

The oauth-plugin you mention appears to just set you up with an OAuth general setup, and you'd have to do the API hookups for each service yourself. More lightweight, so if you only need Twitter services, for example, that might be a better way to go, although I'd still probably check out Omniauth to see how big of a performance drain it is, because it's going to be a lot easier to use overall.

Custom Login form in a Rails app with third party Oauth authentication webservice

I figured it out:

Your user model must remain :omniauthable for this.

I built the forms and used the routes as expected and explained above, respectively. Business as usual defining the views for devise.

In my sessions controller, I talked to the auth web service and I obtained the response, which I cased out to isolate different processes applying to whether the response was successful or not (if response.success? else...)

After that, under the if response.success? block I used a session token I got from the webservice to pull up the user's session from the tables. Devise should store sessions for the users. In my app this was done using a Credential model, which persisted its info to a Credentials table, and which is linked to the Users table with...

belongs_to :user_identifier,
foreign_key: :uid,
primary_key: :platform_resource_id

has_one :user,
through: :user_identifier,
source: :user

and also has all that yummy Kansas-style ActiveRecord ORM sauce baked in, so I did:

credential = Credential.find_or_create_by(token: @session_token, token_type: 'session_token')

Then just call the devise method sign_in using the user corresponding to the Credential you pulled from the database. Bear in mind this is all still from the sessions controller where you're doing all of this talking and parsing to the auth webservice:

sign_in credential.user, event: :authentication #sign in the user!

Feel free to mix and match according to your schema and field names. Your session tokens must be stored somewhere, find it brave programmers you little beautiful things you!

Notice how I'm using ActiveRecord's find_or_create_by, only in the block pertaining to the success case when polling the auth webservice. That webservice does 200 OK when authentication is successful, and 4xx when things go awry.

If anyone needs to do something like this in the future, please check that your provider offers an API like this to get stuff done, I don't think all oauth providers do. If my advice isn't enough for your needs, feel free to shoot me a message and I'll try to help. I went through hell to figure this out so I wouldn't want anyone to have a bad time again :^)

Rails API using Github OAuth authentication

I ended up rolling my own using Faraday and manual api calls.

https://github.com/Ada-Developers-Academy/ada-prs-api/tree/authentication

Currently it's on hold as I'm switching to a React-Firebase framework as it's better supported and seems more scalable.


