Rails JSON API oauth authentication

2

23

I've been researching the best approach for implementing Facebook, Twitter, and email/password authentication for a pure JSON Rails 4.1 application that uses rails-api. The Rails app has NO views and just serves JSON between Android and iPhone hybrid native apps (they use the Ionic framework, which is an Angular application compiled into a native application).

In the past I've implemented basic authentication where an auth_token is passed in headers from the client apps to a Rails API with no issue using Rails' built-in auth, but since this time I need to integrate with Facebook and Twitter I'm looking for a solution that utilizes OAuth.

I've looked into devise, but it doesn't seem to play nicely with a pure JSON API. Likewise, omniauth seems to rely on views and redirects. Additionally, opro and doorkeeper seem great for being your own OAuth provider, but I don't see how they handle 3rd parties like Facebook and Twitter.

How are people implementing multi-provider OAuth authentication for a pure JSON API app in Rails?

Nereid answered 14/4, 2014 at 8:4 Comment(3)
I wish I could give you more than 1 upvote :). This is exactly the problem I also have. Everyone is talking about token authentication, but nobody is talking about how to do 3rd party authentication. My current solution was that the client redirects to my API, I take care of authentication with OmniAuth, store an authentication token in a cookie, and then redirect back to the client. But that works because the only client I have is a browser, and I realized I want it more generic. Sorry, didn't really help :) – Idiocy
@Nereid hey, how did you end up implementing the authentication in the end? – Eudy
@PaulFitzgerald open sourced it: github.com/johnkelly/heavenly. Basically Facebook auth that becomes token auth after authentication. – Nereid
4

Look at this blog. Here the author has explained how to implement Google OAuth2 in Android with a Rails backend, with some nice diagrams. Hope this will help.

Robalo answered 3/7, 2015 at 8:18 Comment(0)
3

I made a very similar JSON API using growl. The authentication used custom service classes to authenticate against Google, Facebook, and Twitter. The service class for Facebook needed a Facebook token and used the Koala gem to fetch the information from Facebook and to populate the social identity. If necessary, it created a new user or it associated the social identity with an existing user with the same UID or email.

This way we had custom fine-grained control over the whole authentication process.

We also used Swagger to document the API and to provide an easy-to-test frontend.

Phebe answered 15/4, 2014 at 8:54 Comment(0)
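
The flow described in the answer above, sketched as an added example that is not code from the answer or from any project mentioned on this page. The names `FacebookSignIn`, `User`, `SocialIdentity` and `fetch_profile` are assumptions, and the in-memory arrays stand in for database models so the block runs offline.

```ruby
require "securerandom"

# In-memory stand-ins for the app's User and social-identity models (assumed names).
User = Struct.new(:id, :email, :api_token)
SocialIdentity = Struct.new(:provider, :uid, :user)

class FacebookSignIn
  class InvalidToken < StandardError; end

  # fetch_profile: callable that takes the Facebook access token sent by the
  # mobile client and returns {"id" => ..., "email" => ...}, or raises.
  # With Koala it could wrap:
  #   Koala::Facebook::API.new(token).get_object("me", fields: "id,email")
  def initialize(users:, identities:, fetch_profile:)
    @users, @identities, @fetch_profile = users, identities, fetch_profile
  end

  # Returns the local user with a freshly issued API token.
  def call(facebook_token)
    profile = begin
      @fetch_profile.call(facebook_token)
    rescue StandardError
      raise InvalidToken, "provider rejected the token"
    end
    uid = profile.is_a?(Hash) ? profile["id"].to_s : ""
    raise InvalidToken, "profile has no id" if uid.empty?

    # Match on provider UID first; fall back to email only for a first sign-in.
    identity = @identities.find { |i| i.provider == "facebook" && i.uid == uid }
    user = identity ? identity.user : link_or_create(uid, profile["email"])
    user.api_token = SecureRandom.hex(32) # our own token, not Facebook's
    user
  end

  private

  # Linking by email trusts that the provider verified the address.
  def link_or_create(uid, email)
    email = email.to_s.strip.downcase
    user = @users.find { |u| u.email == email } unless email.empty?
    user ||= User.new(@users.size + 1, (email unless email.empty?), nil).tap { |u| @users << u }
    @identities << SocialIdentity.new("facebook", uid, user)
    user
  end
end
```

The client then sends the returned `api_token` in a header on later requests, as in the header-based scheme the question describes, and the Facebook token is never stored.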
