Project author: simplabs

Project description:
Lightweight Rails Engine that implements the "Resource Owner Password Credentials Grant" OAuth 2.0 flow as well as Facebook authentication
Language: Ruby
Project address: git://github.com/simplabs/rails_api_auth.git
Created: 2015-07-07T12:34:31Z
Project community: https://github.com/simplabs/rails_api_auth

Open source license: MIT License

RailsApiAuth

Rails API Auth is a lightweight Rails Engine that implements the “Resource
Owner Password Credentials Grant” OAuth 2.0 flow (RFC 6749, section 4.3) as
well as Facebook and Google authentication for API projects.

It uses Bearer tokens (RFC 6750) to authorize requests coming in from clients.

Installation

To install the engine simply add to the application’s Gemfile

  gem 'rails_api_auth'

and run:

  bundle install

Rails API Auth also adds a migration to the application so run

  rake db:migrate

as well to migrate the database.

Usage

Rails API Auth stores a user’s credentials as well as the tokens in a Login
model
so that this data remains separated from the application’s User model
(or Account or whatever the application chose to store profile data in).

After installing the engine you can add the relation from your user model to
the Login model:

  class User < ActiveRecord::Base
    has_one :login # this could be has_many as well of course
  end

When creating a new User in the host application, make sure to create a
related Login as well, e.g.:

  class UsersController < ApplicationController
    def create
      # Create the User and its Login in one transaction so that a Login
      # that fails validation never leaves a User without credentials
      # behind. create_login! raises on validation errors, whereas
      # create_login returns the record even when it failed validation, so
      # a plain truthiness check on its result would not catch the failure.
      User.transaction do
        user = User.create!(user_params)
        user.create_login!(login_params)
      end
      head 200
    rescue ActiveRecord::RecordInvalid
      head 422 # you'd actually want to return validation errors here
    end

    private

    def user_params
      params.require(:user).permit(:first_name, :last_name)
    end

    def login_params
      params.require(:user).permit(:identification, :password, :password_confirmation)
    end
  end

The engine adds 2 routes to the application that implement the endpoints
for acquiring and revoking Bearer tokens:

  token  POST /token(.:format)  oauth2#create
  revoke POST /revoke(.:format) oauth2#destroy

These endpoints are fully implemented in the engine and will issue or revoke
Bearer tokens.
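
As an added example (not code from the engine or from this README), this is
what the client side of that exchange looks like in plain Ruby: the RFC 6749
section 4.3 password-grant request to /token, the parsing of the token
response, and the RFC 6750 Bearer header on a subsequent request. The host
name api.example.com is a placeholder, the sample token response is
constructed, and the requests are only built and inspected rather than sent,
so the file runs offline. The edx_auth_code builder uses the parameter names
from the Edx note further down this README.

```ruby
require 'net/http'
require 'uri'
require 'json'

# Base URI of the host application that mounts the engine (placeholder, assumption).
BASE_URI = URI('https://api.example.com')

# Builds a POST to the engine's /token endpoint with the grant parameters
# form-encoded in the body, as RFC 6749 section 4.3.2 requires.
def token_request(grant_params)
  req = Net::HTTP::Post.new(URI.join(BASE_URI.to_s, '/token'))
  req.set_form_data(grant_params) # sets application/x-www-form-urlencoded
  req['Accept'] = 'application/json'
  req
end

# Resource Owner Password Credentials grant: the client handles the user's
# own username and password, so only first-party clients should use it.
def password_grant_request(username, password)
  token_request('grant_type' => 'password',
                'username' => username,
                'password' => password)
end

# Edx code flow as described in this README: the username must accompany
# the authorization code.
def edx_grant_request(username, auth_code)
  token_request('grant_type' => 'edx_auth_code',
                'username' => username,
                'auth_code' => auth_code)
end

# Extracts the access token from the token endpoint's JSON response
# (RFC 6749 section 5.1). Returns nil unless the server declares the token
# a bearer token, so the caller never attaches a token type it does not
# understand.
def parse_token_response(json_body)
  data = JSON.parse(json_body)
  return nil unless data['token_type'].to_s.casecmp('bearer').zero?
  data['access_token']
end

# Authenticates a request to the host application the RFC 6750 section 2.1
# way, with the token in the Authorization header.
def authenticated_get(path, token)
  req = Net::HTTP::Get.new(URI.join(BASE_URI.to_s, path))
  req['Authorization'] = "Bearer #{token}"
  req
end

# Sends a built request over TLS. Not called when this file is run
# stand-alone; the requests are inspected below instead.
def send_request(req)
  Net::HTTP.start(BASE_URI.host, BASE_URI.port, use_ssl: true) do |http|
    http.request(req)
  end
end

if __FILE__ == $PROGRAM_NAME
  req = password_grant_request('alice', 's3cret')
  puts "#{req.method} #{req.path}" # POST /token
  puts req.body                    # grant_type=password&username=alice&password=s3cret
  # Constructed sample response in the shape the token endpoint returns.
  token = parse_token_response('{"access_token":"d5086ac8457b9db02a13","token_type":"bearer"}')
  puts authenticated_get('/secret', token)['Authorization'] # Bearer d5086ac8457b9db02a13
end
```

Because the password grant hands the user's password to the client and the
issued token is a bearer credential that anyone holding it can replay, both
requests must only ever travel over TLS, which is why the engine's force_ssl
setting defaults to on outside development.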

In order to authorize incoming requests the engine provides the
authenticate! helper that can be used in controllers to make sure the
request includes a valid Bearer token in the Authorization header (e.g.
Authorization: Bearer d5086ac8457b9db02a13):

  class AuthenticatedController < ApplicationController
    include RailsApiAuth::Authentication

    before_action :authenticate!

    def index
      render json: { success: true }
    end
  end

If no valid Bearer token is provided the client will see a 401 response.

The engine also provides the current_login helper method that will return the
Login model authorized with the sent Bearer token.

You can also invoke authenticate! with a block to perform additional checks
on the current login, e.g. making sure the login’s associated account has a
certain role:

  class AuthenticatedController < ApplicationController
    include RailsApiAuth::Authentication

    before_action :authenticate_admin!

    def index
      render json: { success: true }
    end

    private

    def authenticate_admin!
      authenticate! do
        current_login.account.admin?
      end
    end
  end
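
To make the failure modes of authenticate! concrete, here is an added,
stand-alone Ruby version of the check the two controllers above rely on. It
is not the engine's implementation: the Login and Account structs, the
in-memory token list and the sample token are constructed for the example,
and the block form mirrors the authenticate_admin! pattern under the
assumption that a block returning a falsy value is answered with 401 just
like a missing or unknown token.

```ruby
require 'securerandom'

# Stand-ins for the engine's Login model and its associated account
# (constructed for this example; the real Login is an ActiveRecord model).
Account = Struct.new(:admin) do
  def admin?
    admin
  end
end
Login = Struct.new(:identification, :oauth2_token, :account)

# RFC 6750 section 2.1: the scheme "Bearer" followed by a b64token. The
# scheme name is matched case-insensitively as RFC 7235 requires; anything
# that is not a single well-formed token (a Basic header, trailing junk)
# is rejected outright.
BEARER_HEADER = %r{\ABearer[ \t]+(?<token>[A-Za-z0-9\-._~+/]+=*)\z}i

def bearer_token(authorization_header)
  m = BEARER_HEADER.match(authorization_header.to_s)
  m && m[:token]
end

# Constant-time comparison so that a token lookup does not leak how many
# leading bytes of a guessed token were right.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Behaves like the engine's authenticate! helper: returns the Login for a
# valid token, or nil (the caller answers 401). The optional block is the
# extra check from the block form; a falsy result rejects the request too.
# A real app would look the token up in the database instead of scanning.
def authenticate(env, logins)
  token = bearer_token(env['HTTP_AUTHORIZATION'])
  return nil unless token
  login = logins.find { |l| l.oauth2_token && secure_compare(l.oauth2_token, token) }
  return nil unless login
  return nil if block_given? && !yield(login)
  login
end

# Rack-style wrapper: 401 with the WWW-Authenticate challenge from
# RFC 6750 section 3 when the token is missing or invalid, 200 otherwise.
def handle(env, logins, &check)
  login = authenticate(env, logins, &check)
  if login
    [200, { 'Content-Type' => 'application/json' }, ['{"success":true}']]
  else
    [401, { 'WWW-Authenticate' => 'Bearer realm="api"' }, ['']]
  end
end

# Constructed sample logins; the first token is the one quoted in the README.
LOGINS = [
  Login.new('alice@example.com', 'd5086ac8457b9db02a13', Account.new(true)),
  Login.new('bob@example.com', SecureRandom.hex(10), Account.new(false))
].freeze

if __FILE__ == $PROGRAM_NAME
  env = { 'HTTP_AUTHORIZATION' => 'Bearer d5086ac8457b9db02a13' }
  puts handle(env, LOGINS)[0]                               # 200
  puts handle({}, LOGINS)[0]                                # 401
  puts handle(env, LOGINS) { |l| l.account.admin? }[0]      # 200
end
```

Treating a failed block check as 401 keeps the example faithful to the
authenticate! block form; a deployment that wants clients to tell "no valid
token" apart from "valid token, insufficient role" would answer the latter
with 403 instead.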

See the demo project for further details.

Configuration

The Engine can be configured by simply setting some attributes on its main
module, typically from an initializer. Read the app IDs and secrets from the
environment or the Rails credentials store rather than committing them, and
leave force_ssl on outside development: the password grant carries the
user's password in the request body and the issued Bearer token is a
credential in its own right, so both need TLS.

  RailsApiAuth.tap do |raa|
    # Sets up the belongs_to relation from the Login model to the Account
    # model automatically (if your application uses a User model this
    # would be :user)
    raa.user_model_relation = :account
    # Facebook configuration
    raa.facebook_app_id = '<your Facebook app id>'
    raa.facebook_app_secret = '<your Facebook app secret>'
    raa.facebook_redirect_uri = '<your Facebook app redirect uri>'
    # Google configuration
    raa.google_client_id = '<your Google client id>'
    raa.google_client_secret = '<your Google client secret>'
    raa.google_redirect_uri = '<your app redirect uri>'
    # Edx configuration
    raa.edx_client_id = '<your Edx client id>'
    raa.edx_client_secret = '<your Edx client secret>'
    raa.edx_domain = '<your Edx app domain>'
    raa.edx_redirect_uri = '<your Edx app redirect uri>'
    # Force SSL for Oauth2Controller; defaults to `false` for the
    # development environment, otherwise `true`
    raa.force_ssl = false
  end

A note on Edx Oauth2 code flows

It is necessary to include the Edx username in the request when calling
rails_api_auth's /token endpoint. When rails_api_auth interfaces with Edx's
user API, the username is needed to retrieve user data; a valid OAuth2
token alone is not enough.

E.g.

  headers = {
    username: "alice",
    auth_code: "alices_authorization_code",
    grant_type: "edx_auth_code"
  }

Contribution

See CONTRIBUTING.

License

Rails API Auth is developed by and ©
simplabs GmbH and contributors. It is released under the
MIT License.