Rails JSON API oauth authentication

Question

I've been researching the best approach for implementing facebook, twitter, and email/password authentication for a pure JSON rails 4.1 application that uses rails-api. The rails app has NO views and just serves JSON between android and iphone applications hybrid native apps (They use the ionic framework that is an angular application compiled into a native application).

In the past I've implemented basic authentication where an auth_token is passed in headers from the clients apps to a Rails API with no issue using rails built in auth, but since this time I need to integrate with Facebook and Twitter I'm looking for a solution that utilizes oauth.

I've looked into devise, but it doesn't seem to play nicely with a pure JSON api. Likewise, omniauth seems to rely on views & redirects. Additionally, opro and doorkeeper seem great for being your own oauth provider but I don't see how they handle 3rd parties like facebook and twitter.

How are people implementing multi-provider oauth authentication for a pure JSON API app in rails?

Answer 1

Look at this blog. Here the author has explained to implement google oauth2 in android with rails backend with some nice diagrams. Hope this will help.

Answer 2

I made a very similar JSON Api using growl. The authentication used custom service classes to auhenticate against google, facebook, twitter. The service class for facebook needed a facebook tokan and used the Koala gem to fetch the information from facebook and to populate the social identity. If necessary it created a new user or it associated the social identity with an existing user with the same UID or email.

This way we had custom fine grained controll over the whole authentication process.

We also used swagger to document the API and to provide an easy to test frontend.