Omniauth 用于 Rails API 中的提供者身份验证

【问题标题】:Omniauth for provider authentication in Rails APIOmniauth 用于 Rails API 中的提供者身份验证
【发布时间】:2012-06-26 15:17:55
【问题描述】:

我已经让omniauth 完美地为我在网络上的rails 应用程序工作。我还为我们的 iPhone 应用创建了一个 API 以进行交互,并且我正在尝试让omniauth 发挥作用。

有没有办法将访问令牌(从与 Facebook.app 集成的 iOS 集成中接收)传递给 omniauth 以在数据库中创建提供程序条目?

现在在我的网络应用程序中,我有一个带有以下代码的身份验证控制器

  def create
    omniauth = request.env["omniauth.auth"]
    user = User.where("authentications.provider" => omniauth['provider'], "authentications.uid" => omniauth['uid']).first

    if user
      session[:user_id] = user.id
      flash[:notice] = t(:signed_in)
      redirect_to root_path
    elsif current_user
      user = User.find(current_user.id)
      user.apply_omniauth(omniauth)
      user.save
      flash[:notice] = t(:success)
      redirect_to root_path
    else
      session[:omniauth] = omniauth.except('extra')
      flash[:notice] = "user not found, please signup, or login. Authorization will be applied to new account"
      redirect_to register_path
    end
  end

【问题讨论】:

    标签: ruby-on-rails ruby-on-rails-3 api omniauth


    【解决方案1】:

    在我的 API 用户控制器中,我创建了以下内容:

      def create
    @user = User.new(params[:user])
    @user.save

    # Generate data for omni auth if they're a facebook user
    if params[:fb_access_token]
      graph = Koala::Facebook::API.new(params[:fb_access_token])
      profile = graph.get_object('me')

      @user['fb_id'] = profile['id']
      @user['fb_token'] = params[:fb_access_token]
      @user['gender'] = profile['gender']

      # Generate omnihash
      omnihash = Hash.new
      omnihash['provider'] = 'facebook'
      omnihash['uid'] = profile['id']

      omnihash['info'] = Hash.new
      omnihash['info']['nickname'] = profile['username']
      omnihash['info']['name'] = profile['name']
      omnihash['info']['email'] = profile['email']
      omnihash['info']['first_name'] = profile['first_name']
      omnihash['info']['last_name'] = profile['last_name']
      omnihash['info']['verified'] = profile['verified']

      omnihash['info']['urls'] = Hash.new
      omnihash['info']['urls']['Facebook'] = profile['link']

      omnihash['credentials'] = Hash.new
      omnihash['credentials']['token'] = params[:fb_access_token]

      omnihash['extra'] = Hash.new
      omnihash['extra']['raw_info'] = Hash.new

      puts omnihash

      # Save the new data
      @user.apply_omniauth(omnihash)
      @user.save
    end

    【讨论】:

    • 如果你只是像这样传递 fb oauth 令牌,你不就是绕过整个 oauth 过程和所谓的安全优势吗?
    猜你喜欢
    • 2015-03-10
    • 1970-01-01
    • 2019-07-16
    • 1970-01-01
    • 2018-01-22
    • 1970-01-01
    • 2014-04-07
    • 2019-07-20
    • 2021-02-28
    相关资源
    最近更新 更多
    热门标签
    Java Python linux javascript Mysql C# Docker 算法 前端 SpringBoot Redis Vue spring 设计模式 .net core .net kubernetes c++ 数据库 数据结构 大数据 js 机器学习 微服务 Android Go 程序员 面试 JVM ASP.net core 云原生 人工智能 后端 PHP git CSS golang k8s Nginx Django mybatis 深度学习 多线程 React 架构 devops 爬虫 云计算 Spring Boot LeetCode