-
Notifications
You must be signed in to change notification settings - Fork 238
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
How to add token authentication to an API? #45
Comments
Hello @ramidr, Short answer: no, do won't be able to use the old Devise methods, but yes, you'll be able to provide token authentication to your API users. Since Devise is installed, once you specified which of your models should act as token authenticatable (i.e will be able to authenticate against the API), and which of your controllers should act as authentication handlers (i.e will require users to be token authenticated to acceed their actions), then you API clients only have to provide the users authentication token and email in order to acceed protected resources. The API clients authentication is one of the primary use cases of Simple Token Authentication and you shouldn't need to do anything but the default setup to get it working. Keep me updated! Regards |
Thanks a lot Gonzalo! |
@ramidr could you post the solution? |
I have some questions yet but the simple example is like @gonzalo-bulnes explain in the gem usage:
Finally you could call through your API client by two ways or methods: http://10.10.10.200:3000/api/products?user_email=example@example.com&user_token=jQu7y1oi41P6d7igCJNL or http://10.10.10.200:3000/api/products and headers: |
My questions for @gonzalo-bulnes is if is it a good practice to send the token in plain because is like a password and this is must be send encrypted. And other question...someone know how could I log in with a mobile app? I want log in with my mobile app through my API and if it is correct, user can access to the rest of API. thanks! |
@ramidr You're welcome; and thanks for helping @ricardodovalle, that's great! About your first question: as soon as there are users involved, I personally consider that Note: How to renew an authentication token:
About your second question: if you want to sign users in from a mobile device, then you probably should ensure the Edit: update HTTPS recommendation, add link to documentation! : ) |
@ramidr, @ricardodovalle I'm editing the issue title, don't get confused! ; ) |
I wrote a blog post explaining how I used this gem to create a simple JSON API that an app can communicate with. I also created a sample project. |
Hi @Sjors, Your article is cool, thanks for announcing it here. As a kind of see also, here are some discussions which have relation with some issues you pointed:
See #34 : ) Regards! |
I'm trying to add a secure API for my rails app, which it uses Devise for the user authentication and a mobile app will be able to use this API.
I'm following this tutorial: http://lucatironi.github.io/tutorial/2012/10/15/ruby_rails_android_app_authentication_devise_tutorial_part_one/ but it uses the deprecated authentication token.
My question is if I install this gem, and configure the models and controllers, I will be able to use the old methods like verify_authenticity_token?
Do you know another way or tutorial in which explain how to authenticated in a mobile app through Devise rails app?
The text was updated successfully, but these errors were encountered: