Ruby on Rails Monday, January 28, 2013



On Mon, Jan 21, 2013 at 12:10 PM, Nicolas Desprès <nicolas.despres@gmail.com> wrote:


On Mon, Jan 21, 2013 at 11:41 AM, Nicolas Desprès <nicolas.despres@gmail.com> wrote:


On Thu, Jan 17, 2013 at 7:35 PM, Ignacio Piantanida <napoplate@gmail.com> wrote:
2013/1/17 Nicolas Desprès <nicolas.despres@gmail.com>


On Wed, Jan 16, 2013 at 6:17 PM, Vitor HP <vitorhp2@gmail.com> wrote:
Hi folks.

Hi,
 

I'm building a rails app that provides an api for a mobile app.

I have the same setup.
 
The mobile app requires the user to login through his facebook account.

My question is about who should be responsible for requesting the login.

The mobile app or the rails app.
So far, the mobile app logs in using the Facebook SDK and uses that information to log into the Rails app. The Rails server uses Devise+Omniauth.
Right now I am not really happy with this since I can't figure out how the Rails app can use the login information retrieved via the mobile app to interact with the Facebook platform.

I will write more as soon as I have further information.

Regards,

--
Nicolas Desprès



The mobile app should do the login process. It then should send to the server the "access token" given by Facebook.
With this token you are able to identify your user through the "graph api".

Well, this is the point where I am stuck. As described here: https://developers.facebook.com/docs/howtos/login/server-side-login/ I understand how the server-side authentication process works, and it works well using a web browser. What I don't really understand are the steps the mobile app has to do. Does it have to follow all the redirections? That could imply writing a lot of code on the mobile app side. It does not look like just a couple of GETs and POSTs to send.


To be clearer, I don't understand how you send the access token from the mobile app to the server. Currently I have two entry points in my JSON API to authenticate: one for the custom authentication (using the account for my web app, set up by Devise) and another one for the Facebook authentication through the server-side flow (provided by Omniauth). Should I add another entry point to pass the access token? It looks like a security hole to me.

Finally, I got it right and there is no security hole in passing the access token. It should be done via HTTPS, though.

--
Nicolas Desprès
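
The flow the thread settles on (the mobile app logs in with the Facebook SDK, then sends the access token to the Rails API over HTTPS) needs a server-side check before the token is trusted. The following is an added example, not code from the thread: it asks the Graph API's `/debug_token` endpoint whether the token is valid and was issued for this app, then reads the user id from `/me`. The method name `facebook_user_id`, the `FAKE_GRAPH` stub, the app id `1234` and the token strings are constructed for illustration, and the app-id check goes one step beyond what the thread discusses.

```ruby
require "json"
require "net/http"
require "uri"

class TokenRejected < StandardError; end

# Real fetcher: HTTPS GET against the Graph API, parsed as JSON.
GRAPH_GET = lambda do |path, params|
  uri = URI("https://graph.facebook.com#{path}")
  uri.query = URI.encode_www_form(params)
  JSON.parse(Net::HTTP.get(uri))
end

# Returns the Facebook user id behind user_token, or raises TokenRejected.
# app_token is the server's own app access token (kept server-side only).
def facebook_user_id(user_token, app_id:, app_token:, get: GRAPH_GET)
  raise TokenRejected, "missing token" if user_token.to_s.empty?
  info = get.call("/debug_token",
                  { input_token: user_token, access_token: app_token })["data"] || {}
  raise TokenRejected, "invalid or expired token" unless info["is_valid"] == true
  # A token issued to a different Facebook app must not log anyone in here.
  raise TokenRejected, "token issued for another app" unless info["app_id"].to_s == app_id.to_s
  me = get.call("/me", { access_token: user_token, fields: "id" })
  raise TokenRejected, "user mismatch" unless me["id"] && me["id"].to_s == info["user_id"].to_s
  me["id"].to_s
end

# Constructed stand-in for the Graph API so the example runs offline.
FAKE_TOKENS = {
  "tok-ours"      => { "app_id" => "1234", "user_id" => "111" },
  "tok-other-app" => { "app_id" => "9999", "user_id" => "111" }
}.freeze

FAKE_GRAPH = lambda do |path, params|
  if path == "/debug_token"
    rec = FAKE_TOKENS[params[:input_token]]
    { "data" => rec ? rec.merge("is_valid" => true) : { "is_valid" => false } }
  else
    rec = FAKE_TOKENS[params[:access_token]]
    rec ? { "id" => rec["user_id"] } : { "error" => { "message" => "invalid token" } }
  end
end

%w[tok-ours tok-other-app tok-garbage].each do |tok|
  begin
    puts "#{tok}: user #{facebook_user_id(tok, app_id: '1234', app_token: 'APP_TOKEN_PLACEHOLDER', get: FAKE_GRAPH)}"
  rescue TokenRejected => e
    puts "#{tok}: rejected (#{e.message})"
  end
end
```

In a Rails controller the returned id would be used to find or create the local user; the API endpoint that accepts the token should be reachable over HTTPS only.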
