Anton Duzhnov

Reputation: 33

Oauth2 access to API by email/password

I use the gem 'rack-oauth2-server'. Currently I need to add access to the API by email/password from a mobile app.

About the problem: the gem provides an access token from the 'oauth/access_token' endpoint. This requires the following parameters: 'email', 'password', 'client_id', 'secret'. 'client_id' and 'secret' are fields of an OAuth client from a MongoDB collection. A client has a setting to scope access. I have a few user types. For each user type there is a different access scope (different OAuth clients).

So, the problem: I want to allow access to the API from the mobile app for any user type, but, before login, I don't know which type the user has. So, the mobile app can't know which client_id and secret should be passed to the 'oauth/access_token' request.

Maybe there exists some pre-hook for Rails requests or another method to add params to the request on the fly (server side)? Note: before_filter can't be used, because 'rack-oauth2-server' is called before callbacks.

P.S. Excuse me for my bad English.

Upvotes: 0

Views: 342

Answers (1)

Uzbekjon

Reputation: 11813

Maybe there exists some pre-hook for Rails requests or another method to add params to the request on the fly (server side)? Note: before_filter can't be used, because 'rack-oauth2-server' is called before callbacks.

A Rails app is a stack of Rack middleware. So, you can write a new one that identifies and adds/sets/updates the request variables that you need. The link above explains the concept and how to add/manage custom middlewares.

So, the problem: I want to allow access to the API from the mobile app for any user type, but, before login, I don't know which type the user has. So, the mobile app can't know which client_id and secret should be passed to the 'oauth/access_token' request.

Having said that, it seems like you are confusing the meaning of client_id in the OAuth context. A client is the application, in your case the mobile app, that is registered and connects to your OAuth endpoint. So, the same mobile application (ideally) should not be connecting using different client_ids. Just have different forms or a dropdown that would allow your users to select how they want to log in and set the appropriate scope param.

P.S. Since you are using the Client Credentials grant type, make sure you are using a secure connection.

Upvotes: 1
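As an added illustration of the middleware idea in the answer above (this is example code, not Uzbekjon's or the rack-oauth2-server project's own), the following Rack middleware sits in front of the token endpoint, looks up the user type for the submitted email in a constructed in-memory directory (on the real server this would be the MongoDB lookup), and injects the matching client credentials into the form body before the downstream OAuth endpoint reads it. The class name, the `TOKEN_PATH` constant, the lookup callable and the parameter name `client_secret` (the question calls it 'secret') are assumptions. The secret never leaves the server, and any `client_id`/`client_secret` the caller sends on this path is discarded so a caller cannot pick a higher-scope client than its user type allows.

```ruby
require "uri"
require "stringio"

# Hypothetical middleware (added example): maps the user's type, found by email,
# to the OAuth client registered for that type and injects that client's
# credentials into the form-encoded body before rack-oauth2-server sees it.
class ClientCredentialsInjector
  TOKEN_PATH = "/oauth/access_token" # assumed mount point of the token endpoint

  # client_for_email: callable returning { client_id:, client_secret: } or nil
  def initialize(app, client_for_email)
    @app = app
    @client_for_email = client_for_email
  end

  def call(env)
    if env["REQUEST_METHOD"] == "POST" && env["PATH_INFO"] == TOKEN_PATH
      body = env["rack.input"].read
      params = URI.decode_www_form(body).to_h
      # The server, not the caller, decides which client applies: drop any
      # client credentials supplied in the request on this path.
      params.delete("client_id")
      params.delete("client_secret")
      creds = params["email"] && @client_for_email.call(params["email"])
      if creds
        params["client_id"] = creds[:client_id]
        params["client_secret"] = creds[:client_secret]
      end
      # Unknown email: pass the body through unchanged (minus client params);
      # the OAuth endpoint will reject it for lack of a client.
      body = URI.encode_www_form(params)
      env["rack.input"] = StringIO.new(body)
      env["CONTENT_LENGTH"] = body.bytesize.to_s
    end
    @app.call(env)
  end
end

# Constructed user directory for the demo (not real data).
USER_TYPES = { "admin@example.com" => :admin, "user@example.com" => :customer }.freeze

# Constructed OAuth clients, one per user type (would live in MongoDB on the real server).
CLIENTS = {
  admin:    { client_id: "admin-app-id",    client_secret: "admin-app-secret" },
  customer: { client_id: "customer-app-id", client_secret: "customer-app-secret" },
}.freeze

LOOKUP = ->(email) { (type = USER_TYPES[email.downcase]) && CLIENTS[type] }

# Stand-in for the token endpoint: echoes the body it received so we can inspect it.
ECHO_APP = ->(env) { [200, { "Content-Type" => "text/plain" }, [env["rack.input"].read]] }

def build_env(path, body)
  {
    "REQUEST_METHOD" => "POST",
    "PATH_INFO"      => path,
    "CONTENT_TYPE"   => "application/x-www-form-urlencoded",
    "CONTENT_LENGTH" => body.bytesize.to_s,
    "rack.input"     => StringIO.new(body),
  }
end

# Sends a password-grant request through the middleware and returns the params
# the downstream endpoint actually received.
def token_request_params(email, password, extra = {})
  app  = ClientCredentialsInjector.new(ECHO_APP, LOOKUP)
  body = URI.encode_www_form({ "grant_type" => "password",
                               "email" => email,
                               "password" => password }.merge(extra))
  _status, _headers, chunks = app.call(build_env(ClientCredentialsInjector::TOKEN_PATH, body))
  URI.decode_www_form(chunks.join).to_h
end

if __FILE__ == $PROGRAM_NAME
  p token_request_params("admin@example.com", "p@ss&word")
  p token_request_params("user@example.com", "pw", "client_id" => "admin-app-id")
  p token_request_params("nobody@example.com", "pw")
end
```

In a Rails app this would be registered with `config.middleware.insert_before` ahead of the OAuth server middleware, so that it runs before the token endpoint parses the body. Because the mobile app never holds a client secret in this design, it is effectively a public client, which is one more reason to follow the answer's advice about TLS on the token endpoint.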
