
Oauth2 provider (Doorkeeper?) being an Oauth2 consumer (Devise+OmniAuth) for login

Oauth2 is driving me crazy.

Currently, my Rails application authenticates users through Facebook, and soon other Oauth2 providers, thanks to the beauty of Devise & OmniAuth. Users can't sign in with login & password.

But as my application is mainly an API, I also want it to act as an Oauth2 provider, to protect data.

Thus, the user signs in with Facebook -> my application obtains an Access Token, and then -> provides the user a new Access Token to access my API -> my AngularJS application (or any other app) uses this token to access my API without knowing the Facebook or Google Access Token. It looks like I need to forward an Oauth2 token to the client with a custom provider.

I discovered doorkeeper gem... but I can't understand how to articulate it with Devise & Omniauth.

I found many partial answers here, but not a complete one.

I will appreciate any help, good tutorial, or more complete answers.

ArTiSTiX asked Oct 15 '14 15:10


1 Answer

Here is a simple tutorial to get you started. Thanks to Andrea!
1. Server Application (Devise + Doorkeeper)
http://dev.mikamai.com/post/110722727899/oauth2-on-rails
2. Client Application (Omniauth-oauth2)
http://dev.mikamai.com/post/112508735689/oauth2-on-rails-the-client-application
P.S. Minor Errata!
1. When you generate the APP_ID and SECRET_ID for the client application from the server application - using http://localhost:3000/oauth/applications/new - enter the callback url http://localhost:3001/auth/doorkeeper/callback
Or, if you see this after the error, go back to http://localhost:3000/oauth/applications/ and edit the callback url.
We can't use http://localhost:3001/doorkeeper/callback because this is not the route the tutorial is using from the Client Application.
2. In the client application include the callback action definition as below and change the to_json method to as_json.

../oauth-client/app/controllers/application_controller.rb

class ApplicationController < ActionController::Base
  # Prevent CSRF attacks by raising an exception.
  # For APIs, you may want to use :null_session instead.
  protect_from_forgery with: :exception

  # OmniAuth callback: renders the auth hash as JSON.
  # The hash includes the provider credentials (access token).
  def authentication_callback
    auth = request.env['omniauth.auth']
    render json: auth.as_json
  end
end

Cheers!

bhtabor answered Nov 14 '22 21:11
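
The flow the question describes (the upstream provider only proves identity, then the application issues and checks its own API token) as an added plain-Ruby example; it is not part of the original post and is not Doorkeeper's API. `ApiTokenIssuer`, `SAMPLE_AUTH` and the in-memory stores are hypothetical stand-ins for what an OAuth2 provider gem keeps in its database.

```ruby
require "securerandom"
require "digest"

# Plain-Ruby model (hypothetical names) of the question's flow: the API mints
# its own bearer token after upstream login and never hands out the upstream one.
class ApiTokenIssuer
  Grant = Struct.new(:user_id, :scopes, :expires_at)

  def initialize(ttl: 7200, clock: -> { Time.now.to_i })
    @ttl = ttl
    @clock = clock
    @users = {}   # [provider, uid] => local user id
    @grants = {}  # SHA-256(token) => Grant; the raw token is never stored
  end

  # `auth` mirrors the shape of request.env['omniauth.auth'] (constructed hash).
  def sign_in(auth, scopes: ["read"])
    key = [auth.fetch("provider"), auth.fetch("uid")]
    user_id = (@users[key] ||= @users.size + 1)
    token = SecureRandom.urlsafe_base64(32)
    @grants[digest(token)] = Grant.new(user_id, scopes, @clock.call + @ttl)
    # auth["credentials"] (the upstream token) is deliberately not returned.
    { "access_token" => token, "token_type" => "Bearer", "expires_in" => @ttl }
  end

  # Returns the local user id, or nil for unknown, expired or under-scoped tokens.
  def authorize(token, scope:)
    grant = @grants[digest(token.to_s)]
    return nil if grant.nil? || grant.expires_at <= @clock.call
    grant.scopes.include?(scope) ? grant.user_id : nil
  end

  def revoke(token)
    !@grants.delete(digest(token.to_s)).nil?
  end

  private
  def digest(token)
    Digest::SHA256.hexdigest(token)
  end
end

# Constructed sample input, not a real provider response.
SAMPLE_AUTH = {
  "provider" => "facebook", "uid" => "1234567890",
  "credentials" => { "token" => "UPSTREAM-TOKEN-PLACEHOLDER" }
}.freeze
```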