I have an existing rails app which is running on mongoDB and devise for authentication. Now i want to configure an open source forum (forem) at the subdomain of my app.
All i want is the common authentication for both of these. If my users are logged in my main_app then click on forum then they should don't need to sign in again for the forum.
I could have integrate the forum directly with same User model but the problem is my app is using mongoDB and the forum is built up on ActiveRecord.
So now both apps have their independent databases. What is the best approach to merge their authentication and every request from forum app is authenticated using my main_app (running on mongoDB) ??
Make an authentication api in the Rails app and let forum call it for authentication instead of managing it's own users
Related
My team and I are currently developing an iOS app that connects to our Spring Boot backend, unfortunately there is little to no documentation online on how to manage authentication between the two.
Here is what we aim to achieve:
User opens app and is prompted to sign in with Apple.
App then sends some sort of token that can be used to retrieve the users email to the backend with all requests.
Backend then verifies email using token with each request.
Is this possible to do? If so, a resource on how to do it would be greatly appreciated! I have spent hours looking online to figure out how to do this with not much out there.
I have a mobile application built upon Ionic Framework which uses many Cordova packages. We are upgrading the app from Ionic3 to Ionic5. In the Ionic3 application our .NET API was responsible to managing user logins. Going forward, in the Ionic5 app we will NOT be managing user credentials - we will be using 3rd party Identity Providers such as Google, Facebook, and Twitter.
We have implemented the Cordova packages to handle external authentication with Facebook and Google and it works fine. How do we tie the token that is received from Google/Facebook to our .NET API? When we try to use the token provided from Google/Facebook we - of course - get a 401 because our .NET API doesn't know about that token as it was issued from an external source.
I am aware of the process of how to enable the schema described here (External Authentication Services w/ASP.NET Web Api) but in this case the user agent browses to the Web Application in the browser. This is not true in my case as the user agent will be using a mobile application not a web site.
But I hope the principal is the same. But I'm missing something here.
The user will open the mobile app, authenticate with Google/Facebook and be issued a token. Now, what needs to happen to get that token to be recognized by my ASP.NET Web Api?
For example. When I registered my mobile app with Google Developer's Console I selected that the type of app is an Android application and was issued a Client ID for Android now how can I use this token in my ASP .NET Web API? There MUST be some way to tie the two together or some article out there.
Thanks in advance for your assistance!
Also, I looked at this post and see its 11 years old. Is there something here that I should be doing? Please help point me in the right direction. how-can-i-verify-a-google-authentication-api-access-token
It is about data ultimately, and identifying users in a consistent manner, then tracking their history with your app / business.
SOCIAL LOGIN PACKAGES
These are often cheap and nasty solutions that add complexity to your apps as you are finding.- especially when you need to look things up by user.
OPTION 1 - COMPLEX APPS
Your API could look at the token issuer (ISS claim in the token) and download token signing keys from either Facebook or Google - if JWKS endpoints exist. Then create a user from the access token's sub claim if required.
OPTION 2 - SIMPLER APPS
Deal with only a single type of token in your UIs and APIs, which will work like this. It moves the complexity to your Authorization Server (AS):
You have an Authorization Server (use Google maybe) to deal with token issuing and other central OAuth concerns
You have multiple Identity Providers (eg Facebook + Google) to support different login methods for users
During login Facebook posts a token to the AS
Then the AS issues its own token to your UI
The AS may be able to use Account Linking to provide a consistent user id regardless of login method
There is a learning curve in getting this working, but once done it can easily be scaled to many apps with zero code changes.
The proper answer is Auth0... see the below sequence diagram!
I have a microservice which is running in docker container, can I integrate app id into my application? and do not change the application code.
Also, I only saw google and facebook login item on the log in widget,
how can I add IBM w3id to the widget?
can I store a username and password into appid? then clients can login using the pre-stored credential. how to implement this? thanks.
There should be no any problem to secure your application using App ID, but you need to update the application (backend) code if you need to protect REST APIs. If you need to authenticate your mobile app users only, there is no need to change the backend code (you can review our iOS and Android onboarding samples available in the service dashboard).
IBMid is not released to production yet, so currently there is no option to add it.
About customer credentials - we're working on Cloud Directory feature now, this scenario will be supported once we release it to production.
Thanks,
Vitaly
I have been building out a server api for mobile developers to use for an iphone app. I have no experience with mobile development and they have no experience with ruby on rails. I have attempted to build a mobile authentication route for the app that allows users to log in via facebook. So far, it looks like this:
GET '/auth/mobile/fbtoken=:facebook_token&device_id=:device_id&time_zone=:time_zone&os_type=:os_type', to: 'sessions#fb_sso'
client = OAuth2::Client.new(
ENV['FACEBOOK_APP_ID'],
ENV['FACEBOOK_APP_SECRET'],
site: 'https://graph.facebook.com')
token = OAuth2::AccessToken.new(client, params[:access_token])
user_info = ActiveSupport::JSON.decode(token.get('/me').body)
The resources online for learning how to do this properly are very limited or nonexistant. The only information I have found on how to do this involves using Devise for authentication. Our app currently is equipped for Devise (it's been added and the migration has been made to the User model) but does not currently authenticate via Devise. One of the only specific examples that I have been able to find for what we're trying to do can be found at the bottom of the page on this post:
https://www.ruby-forum.com/topic/4409930
It led me to believe that I was on the right track with the way the route was set up, because everything is the same besides the last step "sign in using Devise method: sign_in #user, :event => :authentication." This is what motivated me to attempt to integrate Devise into our application.
After reading that, what I meant to do was implement Devise in a sort of limited state and use only the sign_in method. Unfortunately, Devise seems to be very opinionated and more of an "all or nothing" sort of solution. I'm very unsure of how to proceed and how to decide whether to completely rebuild a significant portion of our application to support Devise or to abandon it altogether and try to implement my own solution.
tl;dr
1) Is it worth re-doing a significant portion of the Rails app to use Devise?
2) Is it possible to make this route work without Devise? How?
If you are only going to have your users sign in through Facebook then Devise would be unnecessary as you would just be using Facebook's API with Koala or Omniauth to authenticate the user. On the other hand, I see no reason why you couldn't have both your own authentication and Facebook authentication by also using Devise if you want non-Facebook users to use your app; you would just need either form of authentication to create a session.
And if I understand correctly, the solution at the bottom of your link doesn't use Devise for Facebook authentication but it's used to create a session when a person's FB account has been authenticated. Seems like a reasonable way to go.
To answer your TL/DR:
1) Only if you plan on having both a Facebook login and a traditional login at the same time.
2) Yes. Just give those GET parameters to a gem like Omniauth or Koala and create a session once the user has been authenticated.
I have a Rails application for which I use devise to authenticate my users and this works great. I now want to write an iPhone application (not just a WebUI but a proper APP) that accesses the same data and so requires the same authentication. How should I go about doing this?
I want to login using devise and keep the session open so that queries back and forth work as they do on my website. I am very new to both rails and devise.
I'm trying to do the same thing actually. I also have a Rails application, using the Devise Authentication Gem that I would like to create an iPhone App for. I don't know if I have a good answer for you yet, but here's some things I've learned along the way...
According to the README on the Devise GitHub page, it seems that Devise is implementing RESTful authentication with these 2 modules:
Database Authenticatable:
encrypts and stores a password in the database
to validate the authenticity of an
user while signing in. The
authentication can be done both
through POST requests or HTTP Basic
Authentication.
Token Authenticatable:
signs in an user based on an authentication token
(also known as "single access token").
The token can be given both through
query string or HTTP Basic
Authentication.
With HTTP Basic Authentication, your iPhone app won't have to re-authenticate with each request. You will only have to authenticate once, then the framework will remember that it has authenticated.
A few resources that may be helpful for you getting started:
ASIHTTPRequest
Objective Resource
This is a very general answer, but you probably want to use a webservice, in this case exposed within the devise api.
On the iPhone side, it's a web service call, see the docs for "URL Loading System Programming Guide" in the iphone sdk, or maybe this answer: Using a REST API and iPhone/Objective-C
This link answers the question of how to auth an Objective-C app against rails and store the login/password in user defaults for later use:
HTTP authentication between devise and iphone app
Use the method above to add authentication to your Cocoa / Objective-C / Iphone / Mac OS X app against a Ruby On Rails backend.