Rails: token authentication from scratch

I've got a Rails app I want to start enabling some iOS integration with. I have a basic authentication system built mostly from scratch with a little help from Sorcery.

My understanding is there are basically two options for mobile integration: HTTP Basic Auth or Token Auth. From what I've been able to find so far it looks like Token Authentication is the preferred method.

I am not familiar with what token authentication is or how it is supposed to work, and I have not really been able to find any decent guides on this, except for a few tutorials on how to use the relevant module in the Devise library.

So, my question is, what is the basic theory of Token Authentication, and what would a from-scratch token auth system in rails look like? I understand that sharing the code for the entire system might be overkill for an SO answer, but I would be very grateful if anyone can help me understand a basic schematic of how such a system is supposed to work. I'd also happily accept links to any good existing materials on how to do this from scratch, as the main problem is I haven't been able to find anything like that.

Thanks!

Andrew asked Mar 10 '12 21:03


1 Answer

Devise and Authlogic have a nice Token Authentication solution. You can either use one of these gems or, to implement your own, check their source code for inspiration.

Below is my understanding of how token authentication works:

  1. The user signs in using a username/password combination through a POST request.
  2. You authenticate the user and generate a unique token and store it in the db.
  3. You send this token back to the iOS device.
  4. The device stores this token in memory.
  5. Any subsequent call to the API needs this token passed in as an additional param to auth the user.
  6. For this process to be secure this token needs to have an expiration date and the communication between the iOS device and the server must be encrypted through SSL.
  7. For convenience you can store the user credentials on the device using the iOS keychain.

I hope this helps.

George Yacoub answered Sep 19 '22 15:09
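The steps in the answer above, worked into a runnable Ruby class as an added example (this is not the answerer's code, nor code from Sorcery, Devise or Authlogic). It assumes an in-memory Array of User structs standing in for the users table, a caller-supplied password_check (the job Sorcery does in the asker's app) and an injectable clock; the names TokenAuth, sign_in, authenticate and TOKEN_TTL are invented here. It goes one step beyond the answer by storing only a SHA-256 digest of the token in the db, so a leaked users table does not hand out usable tokens.

```ruby
require 'securerandom'
require 'digest'

# Stand-in for the users table (constructed for this example; a Rails app
# would use an ActiveRecord model with token_digest / token_expires_at columns).
User = Struct.new(:id, :username, :password_digest, :token_digest, :token_expires_at)

class TokenAuth
  TOKEN_TTL = 24 * 60 * 60 # seconds; step 6 of the answer requires an expiry

  # password_check: proc(user, password) -> bool, supplied by the password
  # library (bcrypt via Sorcery in the asker's case); clock is injectable for tests.
  def initialize(users, password_check:, clock: -> { Time.now })
    @users = users
    @password_check = password_check
    @clock = clock
  end

  # Steps 1-3: verify the username/password POST, mint a fresh random token,
  # persist only its digest, and return the raw token once for the device.
  # Returns nil (no token) when the credentials are wrong.
  def sign_in(username, password)
    user = @users.find { |u| u.username == username }
    return nil unless user && @password_check.call(user, password)
    token = SecureRandom.urlsafe_base64(32)        # 256 bits of entropy
    user.token_digest = digest(token)              # db never sees the raw token
    user.token_expires_at = @clock.call + TOKEN_TTL
    token
  end

  # Step 5: resolve the token sent with an API call back to a user.
  # Rejects missing, unknown and expired tokens; returns the User or nil.
  def authenticate(token)
    return nil if token.nil? || token.empty?
    d = digest(token)
    user = @users.find { |u| u.token_digest == d }
    return nil unless user
    return nil if user.token_expires_at < @clock.call  # expired: force re-login
    user
  end

  # Invalidate the stored token (logout or token rotation).
  def sign_out(user)
    user.token_digest = nil
    user.token_expires_at = nil
  end

  private

  def digest(value)
    Digest::SHA256.hexdigest(value)
  end
end
```

Comparing a digest of the presented token against the stored digest means the equality check leaks nothing useful even without a constant-time compare; the device still must send the token over SSL only (step 6), since anyone holding the raw token is the user until it expires.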