custom authentication with devise for an API

Question:

so i have a little tricky combination here

Company has many Users
User belongs to Company

The User is managed for authentication with devise

    class User < ActiveRecord::Base
      belongs_to :company

      # Devise modules enabled for website login
      devise :database_authenticatable, :registerable, :recoverable,
             :rememberable, :trackable, :validatable
    end

You can log in as a User and create Objects that all belong to the Company of that, not to the user, for example: Text. (company.texts)

now i created a simple API using the acts_as_api gem. for this i simply have to modify my text-controller, f.e. the show action.

    class TextsController < ApplicationController
      # loads @text and runs the authorization check
      load_and_authorize_resource

      def show
        #@text = Text.find(params[:id])
        respond_to do |format|
          format.html
          format.json { render_for_api :texts_all, :json => @text }
        end
      end
    end

this works quite fine on the website. the problem is the API. i don't want to authenticate when accessing the api via the user model. the company does have an attribute called :hash which i want to use for Auth in the API.

i don't have any idea how to achieve this using devise (or any other method). so by default devise wants a user to be logged in because of load_and_authorize_resource in my controller which is fine for the html response but not for the json response.

any ideas?

thanks for reading this. please leave a comment if something is unclear!

Answer1:

Just use Token Authenticatable and send the token with each request on your API.

Here is a tutorial for it: http://zyphdesignco.com/blog/simple-auth-token-example-with-devise

Answer2:

Conditionally apply auth filters based on accepted format headers:

    # override in controllers related to API
    def authenticate_user!
      respond_to do |format|
        format.html { super } # just like before
        format.json { enforce_api_auth }
      end
    end

Now API calls enforce their own auth.
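One way the `enforce_api_auth` step could check a per-company token and keep the record lookup scoped to that company, written as plain Ruby so it runs without Rails. This is an added example, not code from either answer or from devise; the `X-Company-Token` header, the `api_token_digest` attribute, the method names and the sample tokens are all assumptions.

```ruby
require 'digest'
require 'openssl'

# Constructed sample data standing in for the Company and Text models.
Company = Struct.new(:id, :name, :api_token_digest)
Text    = Struct.new(:id, :company_id, :body)

COMPANIES = [
  Company.new(1, 'Acme',   Digest::SHA256.hexdigest('acme-sample-token')),
  Company.new(2, 'Globex', Digest::SHA256.hexdigest('globex-sample-token'))
].freeze
TEXTS = [Text.new(10, 1, 'acme text'), Text.new(20, 2, 'globex text')].freeze

# Returns the Company that owns the presented token, or nil.
# Only SHA-256 digests are stored, so a leaked table does not expose usable
# tokens, and the digests are compared in constant time.
def authenticate_company(token)
  return nil if token.nil? || token.empty?

  presented = Digest::SHA256.hexdigest(token)
  COMPANIES.find do |c|
    OpenSSL.fixed_length_secure_compare(c.api_token_digest, presented)
  end
end

# What the JSON branch of `show` would do: authenticate first, then look the
# record up through the authenticated company. A text owned by another company
# is reported exactly like a missing one.
def api_show(headers, text_id)
  company = authenticate_company(headers['X-Company-Token'])
  return [401, { error: 'unauthorized' }] unless company

  text = TEXTS.find { |t| t.id == text_id && t.company_id == company.id }
  return [404, { error: 'not found' }] unless text

  [200, { id: text.id, body: text.body }]
end
```

In a Rails controller the scoped lookup corresponds to `company.texts.find(params[:id])`, the association the question already mentions, rather than `Text.find(params[:id])`.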
