xjq233p_1

Reputation: 8060

Rails Authentication with Access_token from Facebook

I am currently building an iPhone app with a Rails backend. I am using solely Facebook's Single Sign On (SSO) on the iPhone, and authentication works great on the client end. I am using Devise on Rails as the backend.

NOTE: I have already consulted "Design for Facebook authentication in an iOS app that also accesses a secured web service".

I see that Devise has something called token_authenticatable, which is essentially the "ticket" described in step 5 of that thread. This is the current flow I see:

  1. User signs on to Facebook SSO on the phone
  2. User makes a call to myserver.com/sessions/fb_sso with { access_token: X }
  3. On the server end (at SessionsController#fb_sso), I will make an API call to Facebook with the access_token
  4. If access_token is valid, check if user exists in db. If user does not exist, create a new user
  5. Now we can return { user_id: X, devise_auth_token: Y } back to the call on 1)

This is pretty straightforward. However, I have a couple of questions:

  1. With the devise_auth_token, does that mean I no longer have to call sign_in("user", resource) from devise? (found here http://jessewolgamott.com/blog/2012/01/19/the-one-with-a-json-api-login-using-devise/)
  2. Where will be the best place to put the code for 3-4?
  3. I can't seem to find much on Google about this topic. Why are there so few tutorials out there for a process so common? Am I missing something blatantly obvious?

Upvotes: 12

Views: 2507
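Steps 3-5 of the flow in the question, sketched as an added example that is not part of the original post or of Devise. It checks the client-supplied token with the Graph API `debug_token` endpoint and rejects tokens issued to another app before any user is created. `FB_APP_ID`, `verify_fb_token`, `fb_sso_login`, the `fetch` callable and the in-memory `USERS` store are assumed names, and the responses are constructed samples.

```ruby
require "digest"
require "securerandom"

# Assumed names, not from the post: FB_APP_ID, verify_fb_token, fb_sso_login,
# and USERS (an in-memory stand-in for the Devise User model).
FB_APP_ID = "1234567890" # constructed placeholder app id
USERS = {}               # facebook uid => { id:, token_digest: }

# Step 3. `fetch` is any callable returning the parsed JSON of the Graph API
# call GET /debug_token?input_token=<user token>&access_token=<app token>.
def verify_fb_token(token, fetch:, now: Time.now.to_i)
  data = fetch.call(token).fetch("data", {})
  return nil unless data["is_valid"] == true
  # A token issued to a different app is valid at Facebook but not for us.
  return nil unless data["app_id"].to_s == FB_APP_ID
  # Choice made in this example: a missing or past expiry is rejected.
  return nil unless data["expires_at"].to_i > now
  uid = data["user_id"].to_s
  uid.empty? ? nil : uid
end

# Steps 4-5. Find or create the user, rotate the API token on every login,
# and keep only its SHA-256 digest server-side (a choice of this example).
def fb_sso_login(token, fetch:, now: Time.now.to_i)
  uid = verify_fb_token(token, fetch: fetch, now: now)
  return { status: 401 } if uid.nil?
  user = (USERS[uid] ||= { id: USERS.size + 1 })
  api_token = SecureRandom.urlsafe_base64(32)
  user[:token_digest] = Digest::SHA256.hexdigest(api_token)
  { status: 200, user_id: user[:id], devise_auth_token: api_token }
end

# Constructed debug_token responses, keyed by the token the client presents.
SAMPLE = {
  "good" => { "data" => { "is_valid" => true, "app_id" => FB_APP_ID,
                          "user_id" => "42", "expires_at" => 2_000_000_000 } },
  "other_app" => { "data" => { "is_valid" => true, "app_id" => "999",
                               "user_id" => "42", "expires_at" => 2_000_000_000 } },
  "expired" => { "data" => { "is_valid" => true, "app_id" => FB_APP_ID,
                             "user_id" => "42", "expires_at" => 1_000_000_000 } }
}.freeze
FAKE_FETCH = ->(t) { SAMPLE.fetch(t, { "data" => { "is_valid" => false } }) }

if __FILE__ == $PROGRAM_NAME
  %w[good other_app expired forged].each do |t|
    puts "#{t}: #{fb_sso_login(t, fetch: FAKE_FETCH, now: 1_700_000_000)[:status]}"
  end
end
```

In a real controller, `fetch` would wrap an HTTPS request to the Graph API and the lookup would go through the User model instead of `USERS`.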

Answers (2)

pramod

Reputation: 2318

Why can't you use the omniauth-facebook gem? It's a very simple solution to get the access token, and if you use Devise its potential will double. Make sure that you get a different access token at each login.

You can go through this link https://github.com/pramodv-nyros/social-login-in-rails

Upvotes: 1

atu0830

Reputation: 405

You have to use the same token on the server and the iOS client. A simple solution is to put all the logic on the server side with devise+omniauth; iOS only handles the UI and the response from the server side. If you want to get the token from iOS, e.g. using the Facebook iOS SDK, you should pass the token to the server side, but that does not look safe.

Upvotes: 0
