Ruby on Rails Friday, December 22, 2017

I have a corporate OAuth 2.0 API that every application should use to authenticate its users. This API requires a request to have the following parameters:
  • response_type : must be set to "token"
  • client_id : client identifier for the application
  • redirect_uri : URI for the callback
  • state : a random value used by the client to maintain state between the request and callback
Example:

HTTP GET
https://corporate.auth.com/authorize?response_type=token&client_id=mySinglePageApp&state=myAppRandomState&redirect_uri=http%3A%2F%2Fmyapp%2Fcallback

If the user is not authenticated, the standard corporate login page is displayed to enter user name and password.
If the user is authenticated after submitting his user name and password, he is redirected to the client callback URL with an API-generated token:

HTTP 302 Redirect
Location https://myapp/callback#access_token=2YotnFZFEjr1zCsicMWpAA&type=Bearer&expire_in=3600&state=myAppRandomState


What is the way to go to connect a Rails app to this API? Should I use the Devise gem for that? Any other solutions?

Thank you!
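
The exchange described in the post, sketched in plain Ruby as an added example that is not part of the original message: it builds the authorize request with an unpredictable `state` and accepts the callback only when the returned `state` matches the one issued. Browsers do not send the URL fragment to the server, so the sketch assumes page script relays the callback URL to the Rails app; the method names are hypothetical, and the `type` and `expire_in` field names are taken from the post's sample redirect.

```ruby
require "securerandom"
require "uri"

AUTHORIZE_ENDPOINT = "https://corporate.auth.com/authorize" # endpoint from the post

# Build the authorization URL. The caller keeps :state in the user's
# session so the callback can be tied to this login attempt.
def build_authorize_request(client_id:, redirect_uri:)
  state = SecureRandom.urlsafe_base64(32) # unpredictable, one per attempt
  query = URI.encode_www_form(
    response_type: "token",
    client_id: client_id,
    state: state,
    redirect_uri: redirect_uri
  )
  { url: "#{AUTHORIZE_ENDPOINT}?#{query}", state: state }
end

# Length-checked comparison without early exit. In a Rails app,
# ActiveSupport::SecurityUtils.secure_compare serves the same purpose.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Parse the fragment of the relayed callback URL. Raises unless the
# state matches the stored one and an access token is present.
def parse_callback(callback_url, expected_state)
  fragment = URI.parse(callback_url).fragment.to_s
  params = URI.decode_www_form(fragment).to_h
  expected = expected_state.to_s
  if expected.empty? || !secure_equal?(params["state"].to_s, expected)
    raise ArgumentError, "state mismatch: callback does not belong to this session"
  end
  token = params["access_token"].to_s
  raise ArgumentError, "missing access_token" if token.empty?
  { access_token: token, type: params["type"], expire_in: params["expire_in"].to_i }
end

if __FILE__ == $PROGRAM_NAME
  req = build_authorize_request(client_id: "mySinglePageApp",
                                redirect_uri: "http://myapp/callback")
  puts req[:url]
  # Constructed callback that echoes the state issued above.
  cb = "https://myapp/callback#access_token=2YotnFZFEjr1zCsicMWpAA" \
       "&type=Bearer&expire_in=3600&state=#{req[:state]}"
  p parse_callback(cb, req[:state])
end
```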
