Rails 3.2 + Devise 2.1 + OmniAuth + Backbone.js Authentication

Question

I currently use Devise 2.1 + Rails 3.2.x to authenticate users. I'm also going to be adding OmniAuth-Facebook and Twitter support soon.

I wanted to use this existing infrastructure with Backbone.js. Can you let me know if this is the correct workflow from authentication perspective?

1. User login via Devise (or OmniAuth)
2. Use Devise's Token Authenticatable to return a token?
3. Backbone to access the token somehow and append that as part of API call? I don't need the API to create user, that's being handled by Devise.

Questions: 1. Is this how you'd implement it? 2. Any suggestions/code samples on #2 and #3? 3. How would you handle authorization with this? I don't think CanCan will work.

P.S. I read through many articles, including this: http://jessewolgamott.com/blog/2012/01/19/the-one-with-a-json-api-login-using-devise/. They seem to be focused on authentication using the API, rather than securing the API resources after authentication is completed.

Answer 1

I actually got this to even a little easier by:

User logs in via Devise/OmniAuth, no authentication token needs to be created If I use the same action that is Devise enabled to serve up the REST API, it'll automatically use the session info to authenticate, so no additional token capture/resend is needed.

P.S. RABL is generate for creating API's in Rails.