Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Rails Authentication with Access_token from Facebook

I am currently building an iPhone app with rails backend. I am using solely facebook 's Single Sign On (SSO) on the iphone and authentication works great on the client end pretty well. I am using devise on rails as the backend.

NOTE i have consulted Design for Facebook authentication in an iOS app that also accesses a secured web service already

I see that devise has something called token_authenticable which is essentially the "ticket" described in step 5 of that thread. This is the current flow I see

  1. user sign on to facebook SSO on the phone
  2. user makes a call to myserver.com/sessions/fb_sso with { access_token: X }
  3. On the server end (at SessionsController#fb_sso, I will make an API call to facebook with the access_token
  4. If access_token is valid, check if user exists in db. If user does not exist, create a new user
  5. Now we can return { user_id: X, devise_auth_token: Y } back to the call on 1)

This is pretty straight forward. However, I have a couple of questions:

  1. With the devise_auth_token, does that mean I no longer have to call sign_in("user", resource) from devise? (found here http://jessewolgamott.com/blog/2012/01/19/the-one-with-a-json-api-login-using-devise/)
  2. Where will be the best place to put the code for 3-4?
  3. I can't seem to find much on Google about this topic. Why are there so few tutorials out there for a process so common? Am I missing something blatantly obvious?
like image 219
disappearedng Avatar asked Jun 17 '12 20:06

disappearedng


People also ask

How do I set up OAuth on Facebook?

In the App Dashboard, choose your app and scroll to Add a Product Click Set Up in the Facebook Login card. Select Settings in the left side navigation panel and under Client OAuth Settings, enter your redirect URL in the Valid OAuth Redirect URIs field for successful authorization.

Does Facebook use token based authentication?

When your app uses Facebook Login to authenticate someone, it receives a User access token. If your app uses one of the Facebook SDKs, this token lasts for about 60 days. However, the SDKs automatically refresh the token whenever the person uses your app, so the tokens expire 60 days after last use.


1 Answers

Why can't you use omniauth-facebook gem. Its a very simple solution to get the access token for if you use devise its potentiality will double. Make sure that you need to get different access token at different login time.

You can go through this link https://github.com/pramodv-nyros/social-login-in-rails

like image 50
pramod Avatar answered Oct 19 '22 11:10

pramod