CSC/ECE 517 Fall 2013/ch1 1w19 rj: Difference between revisions
No edit summary |
No edit summary |
||
Line 52: | Line 52: | ||
attr_accessible :client_application, :user, :scope, :callback_url # Add this to Oauth2Verifier | attr_accessible :client_application, :user, :scope, :callback_url # Add this to Oauth2Verifier | ||
This is required since the generator for <code>oauth_provider</code> is outdated. | This is required since the generator for <code>oauth_provider</code> is outdated. | ||
<br/> | <br/><br/> | ||
10. Add the following alias to <code>app/controllers/oauth_controller.rb</code> and <code>app/controllers/oauth_clients_controller.rb</code> after the class declaration | 10. Add the following alias to <code>app/controllers/oauth_controller.rb</code> and <code>app/controllers/oauth_clients_controller.rb</code> after the class declaration | ||
alias :login_required :authenticate_user! | alias :login_required :authenticate_user! |
Revision as of 08:31, 16 September 2013
Using secure API authorization via OAuth
OAuth is the de facto standard authentication mechanism used by prominent websites like Facebook and Twitter. This wiki discusses Ruby support for OAuth and highlight using examples.
Introduction to OAuth
OAuth in Ruby
OAuth Sample Application
TODO: Add Ruby/Rails version used
Creating an OAuth Provider
Following steps will create a basic Rails application that uses OAuth to authenticate the requests.
1. Create a Rails application and remove public/index.html
rails new OAuthProviderApp
2. Add devise
and oauth-plugin
gems to your Gemfile
gem 'dynamic_form' gem 'devise' gem 'oauth-plugin'
3. Run bundle install
to install the Gems
bundle install
4. Run the devise:install
and devise User
generators to generate the User model, controller and views
rails generate devise:install rails generate devise User
The above commands generates the migration and model for User
.
5. Run the oauth_provider
generator
rails generate oauth_provider
This will generate the migrations, models, controllers, views and routes for the following:
- OAuthToken or AccessToken - The token used to associate the request with the resource owner.
- ClientApplication - Client application that needs access to the services offered by the Server on behalf of the Resource owner
- OAuthNonce - Used for verifying requests from the client
6. Migrate the database to create tables for User, OAuthToken, ClientApplication, and OAuthNonce in the database
rake db:migrate
7. To test the application, add the following route to your config/routes.rb
root :to => 'oauth_clients#index'
8. Add ClientApplication and OAuthToken associations to User model (app/models/user.rb
)
has_many :client_applications has_many :tokens, :class_name => 'Oauth2Token', :order => 'authorized_at desc', :include=>[:client_application]
9. Add the following accessors to the corresponding models
attr_accessible :user, :client_application # Add this to AccessToken attr_accessible :nonce, :password, :timestamp # Add this to OauthNonce attr_accessible :callback_url, :client_application # Add this to RequestToken attr_accessible :user, :client_application, :scope # Add this to Oauth2Token attr_accessible :client_application, :user, :scope, :callback_url # Add this to Oauth2Verifier
This is required since the generator for oauth_provider
is outdated.
10. Add the following alias to app/controllers/oauth_controller.rb
and app/controllers/oauth_clients_controller.rb
after the class declaration
alias :login_required :authenticate_user!
This is required because oauth-plugin
uses login_required
method to determine whether the user is authenticated or not. In order to determine whether the user is authenticated or not, we use the authenticate_user!
method provided by devise
gem.
11. Add the following filter to config/application.rb
require 'oauth/rack/oauth_filter' #Add before declaration of module OAuthProviderApp config.middleware.use OAuth::Rack::OAuthFilter #Add after declaration of class Application
This enables the OAuthFilter to the middleware layer and thus allows filtering out unauthorized calls.
12.
Creating an OAuth Consumer
- Step 1
- Step 2
- Step 3