Reputation: 921
How to validate rails API with devise or doorkeeper
I have a rails application in with an API. On the web, I am mixing the use of "normal" rails views with Angular views. I have a base application controller and a base api controller. In the application controller, I use the devise "before_filter :authenticate_user!". In the api controller, I use the doorkeeper "before_action :doorkeeper_authorize!".
For the API, this works if I go through the normal OAuth flow. However, for my Angular views, I already know I am logged in and have a session. I know I can go through the normal OAuth flow in Angular and get an authorization token; however, since I am logged in and have a session, I am trying to figure out how to do this w/o extra calls to the server.
One solution I thought of was to try to use the current logged in user within the api controller if the user was logged in. Not quite sure the best way to do this. If I have a logged in user through device, then I wouldn't need the authorize before_filter from doorkeeper.
Another solution would be to somehow pass the bearer token to the angular SPA view. What I am unsure of is how I would get a bearer token from the rails app using the current logged in user session.
Would appreciate any ideas or help.
Thanks
Upvotes: 1
Views: 807
Answers (1)
Reputation: 375
When we use doorkeeper, we will have a table in database which is used to store the tokens. If I'm not mistaken, the table name is "oauth_access_tokens". There is a column "resource_owner_id" which is the id of the user using a particular token.
If you can get the relationship between your user id (the id which you use in session) with the resource_owner_id, then I think it would not be difficult to get the token.
Another suggestion, if you don't mind editing the doorkeeper gem, you can change the resource_owner_id from using different user id sequence into using your user id in session. If you do this, you can have a look at the controller inside the gem file. There should be "authorization_conrtroller".
Editing matching_token? might give you an idea how to implement what you want to do.
Upvotes: 0
Related Questions
- How to successfully use validate_token in the devise_token_auth gem?
- Setting up an API using Devise for authentication
- How to use Devise for authentication when using an API
- Rails 4 + Devise: Validate password
- How can I simply verify that a username and password are correct with Devise and Rails 3
- Creating authentication API on ruby on rails
- API and Application authentication using Devise, Doorkeeper and OAuth2 token
- API Authentication using Devise (Ruby on Rails)
- Rails RESTful API + Devise - How to check for user's credentials
- rails authentication for an API