Why not devise+omniauth?

On Aug 22, 2014 4:55 PM, "Darek F." <[email protected]> wrote:
> We want to build three example apps.
>
> 1. sinatra oauth2 provider
> 2. rails app with angular.js on frontend authenticated through 1 app
> 3. sinatra on backend and angular.js on frontend authenticated through 1
> app
>
> Our Rails/Sinatra app will authenticate users using [satellizer][1]
> and our custom provider.
>
> This is our **Oauth2** workflow right now.
>
> 1. Using Satellizer we get the authorization code from provider. We
> send this code to our backend.
> 2. In backend using this authorization code, secret key and other
> params, we send a request to provider to get an access token.
> 3. Using this obtained access token we call '/me' action to get a uid,
> email and other user attributes from provider.
> 4. In the same action we parse the response body and we find or create
> user based on uid.
> 5. We are wondering about this step which should somehow set the user's
> authentication token.
>    - store the provider access token in user database record.
>    - generate new authentication token and change it on every request
> 6. Generate JWToken with user uid and token and send it back to
> satellizer.
> 7. Then on each request Satellizer includes Bearer JWToken in header.
> After receiving request our backend verifies header token stored in database
> and calls sign_in method in our case devise(sign_in, store: false) maybe
> in sinatra app we will use warden.
>
> What do you think about this concept? Maybe we are missing something.
> This is our first **Oauth2** authentication implementation and we are
> worried about it.
>
> [1]: https://github.com/sahat/satellizer
>
> --
> Posted via http://www.ruby-forum.com/.
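Steps 6 and 7 of the quoted workflow, as an added example that is not part of the thread or of any project named in it: the backend issues a signed, expiring JWT carrying the uid and verifies it on each request, using only Ruby's standard library. The secret, the 15-minute lifetime and the helper names (`issue_jwt`, `verify_jwt`) are assumptions made for illustration.

```ruby
require "openssl"
require "json"

# Assumption: one HS256 secret known only to the backend (constructed value).
JWT_SECRET = "constructed-demo-secret"

# base64url without padding, as JWTs use.
def b64url(data)
  [data].pack("m0").tr("+/", "-_").delete("=")
end

def b64url_decode(str)
  (str.tr("-_", "+/") + "=" * (-str.length % 4)).unpack1("m0")
end

def sign(input, secret)
  b64url(OpenSSL::HMAC.digest("SHA256", secret, input))
end

# Compare in constant time so the check does not leak how many bytes matched.
def secure_eq(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Step 6: issue a short-lived token that carries the user's uid.
def issue_jwt(uid, secret: JWT_SECRET, ttl: 900, now: Time.now.to_i)
  header  = b64url(JSON.generate({ alg: "HS256", typ: "JWT" }))
  payload = b64url(JSON.generate({ sub: uid, iat: now, exp: now + ttl }))
  "#{header}.#{payload}.#{sign("#{header}.#{payload}", secret)}"
end

# Step 7: verify the Bearer token; returns the uid, or nil if it is not valid.
def verify_jwt(token, secret: JWT_SECRET, now: Time.now.to_i)
  parts = token.to_s.split(".", -1)
  return nil unless parts.length == 3
  header, payload, sig = parts
  # Check the signature before parsing anything the client controls.
  return nil unless secure_eq(sig, sign("#{header}.#{payload}", secret))
  # Pin the algorithm instead of trusting the one the token claims.
  return nil unless JSON.parse(b64url_decode(header))["alg"] == "HS256"
  claims = JSON.parse(b64url_decode(payload))
  return nil unless claims["exp"].is_a?(Integer) && claims["exp"] > now
  claims["sub"]
rescue JSON::ParserError, ArgumentError
  nil
end
```

In a Rails or Sinatra app the returned uid would be used to look up the user before calling `sign_in` or Warden, as step 7 describes.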

