Reputation: 3029
I am building a JavaScript front-end and a Rails REST API backend. Users can only log in using Facebook. What is the best architecture for something like this? I am a Rails and REST newbie, but here's what I'm thinking so far:
Could someone please point me in the right direction? Thanks!
Upvotes: 1
Views: 1897
Reputation: 197
@Leo has given you one direction of approach.
Another way is to use Devise.
Configure Devise to be Token Authenticatable.
Steps here: http://matteomelani.wordpress.com/2011/10/17/authentication-for-mobile-devices/
Set config.skip_session_storage = [:token_auth]
in initializers/devise.rb so that the session is not stored and you have to send the token every time.
Define a function as below. This function validates whether the FB access token you send is correct and whether it corresponds to the FB id. We have to use this function in places where valid_password is called, as we don't have a password created by the user in our database. Instead, we have to get it verified by Facebook.
    require 'net/http'
    require 'openssl'
    require 'uri'
    require 'json'

    def self.valid_password_custom?(password, fbid)
      # The "password" the client sends is really the Facebook access token
      uri = URI.parse("https://graph.facebook.com/me")
      uri.query = URI.encode_www_form("access_token" => password)
      http = Net::HTTP.new(uri.host, uri.port)
      http.use_ssl = true
      http.verify_mode = OpenSSL::SSL::VERIFY_PEER   # verify Facebook's certificate
      response = http.request(Net::HTTP::Get.new(uri.request_uri))
      # The Graph API answers a bad token with a non-2xx status and an "error" object
      unless response.is_a?(Net::HTTPSuccess)
        logger.debug("FB rejected the access token (HTTP #{response.code})")
        return false
      end
      json_response = JSON.parse(response.body)
      if json_response["id"].to_s == fbid.to_s
        logger.debug("FB Access token is valid for the user")
        return true
      else
        logger.debug("FB Access token is not valid for the user. ID for access token is '#{json_response["id"]}', expected '#{fbid}'")
        return false
      end
    end
Once the above steps are set up, you'll get a token back from Devise. You can use it to communicate with the APIs.
Upvotes: 1
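A hardened version of the same check, added here as an example and not the answer's own code: it queries the Graph API debug_token endpoint instead of /me, so besides matching the user id it also confirms the token was issued to this app and has not expired, and the HTTP call is injectable so the decision logic can be exercised offline. The app id, app access token and fetcher callable are assumptions; the Graph API host and endpoint are real.

```ruby
require 'json'
require 'net/http'
require 'openssl'
require 'uri'

# Hypothetical helper, not from the answer above. /debug_token, unlike /me,
# also reports which app the token belongs to, whether it is still valid and when it expires.
class FacebookTokenVerifier
  GRAPH = 'https://graph.facebook.com'

  # app_token is the "APP_ID|APP_SECRET" app access token (placeholder in tests).
  # fetcher: callable taking a URI and returning [status, body]; defaults to
  # a real HTTPS GET and is injected in tests so the check runs offline.
  def initialize(app_id:, app_token:, fetcher: method(:https_get))
    @app_id, @app_token, @fetcher = app_id.to_s, app_token, fetcher
  end

  # True only if the token is valid, unexpired, issued to our app and
  # belongs to the Facebook user id the client claims.
  def valid_for?(user_token, expected_fbid)
    uri = URI("#{GRAPH}/debug_token")
    uri.query = URI.encode_www_form(input_token: user_token, access_token: @app_token)
    status, body = @fetcher.call(uri)
    return false unless status == 200          # bad tokens come back as 4xx plus an "error" object
    data = JSON.parse(body).then { |p| p.is_a?(Hash) ? p['data'] : nil }
    return false unless data.is_a?(Hash) && data['is_valid'] == true
    return false unless data['app_id'].to_s == @app_id   # a token issued to another app is rejected
    expires = data['expires_at'].to_i             # 0 means a non-expiring token
    return false if expires.positive? && expires <= Time.now.to_i
    secure_equal(data['user_id'].to_s, expected_fbid.to_s)
  rescue JSON::ParserError, Net::OpenTimeout, Net::ReadTimeout, SocketError
    false
  end

  private

  def https_get(uri)
    http = Net::HTTP.new(uri.host, uri.port)
    http.use_ssl = true
    http.verify_mode = OpenSSL::SSL::VERIFY_PEER
    http.open_timeout = http.read_timeout = 5
    res = http.request(Net::HTTP::Get.new(uri.request_uri))
    [res.code.to_i, res.body]
  end

  # Constant-time comparison so the id check does not leak via timing.
  def secure_equal(a, b)
    a.bytesize == b.bytesize &&
      a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end
```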
Reputation: 19809
That is correct. I'm actually developing an application using the same concept, but through Google login.
What you are looking for is OAuth 2.0 for Facebook or OpenID if you plan to incorporate federated login.
So yeah, basically what you said is correct. You get the authorization token from the client and send a request to the server, which should have an authentication method that checks the validity of the token by sending a GET request for user info to Facebook with that token. After you get the response, you should return the information in JSON or an error, depending on the data you get back from the GET request.
That should point you in the right direction. Hopefully this helps.
Upvotes: 1