Adding OAuth to a Scalatra web service - scala

I am looking to build a Scalatra based API. One of the requirements is OAuth authentication. I noticed the guide for OAuth isn't yet put up on the official Scalatra site. Is the best way to currently add OAuth support by figuring out how to add an OAuth based strategy into Warden? I come from a Ruby on Rails based background, so new to a lot of Scala/Java conventions. There's probably several ways to tackle this but I'm hoping for any solution that's documented and can be referenced for implementation in my own application.

I am currently rewriting a Ruby/Sinatra app in Scala/Scalatra. I found the easiest way to add OAuth is to use Scribe (https://github.com/fernandezpablo85/scribe-java). There is a guide on using Scribe with Scala here:
https://github.com/earldouglas/nuevos#consuming-the-twitter-api-in-scala-with-scribe
Note that the exact implementation of the Twitter API is outdated. He made some minor updates to the code without actually updating the README (That confused me for some time.) I suggest you read the normal Java Scribe guide first, then take a look at the source code of the Scalatra example.

Related

Start with web API/REST API

I am in the process of creating an app (cross-platform with Ionic framework) and during my research about app with this framework I found the one created for HabitRPG and it is using an API to retrieve data, it totally suits my app as well, but I don't know where to start to create an API nor what to use.
I allready did some quick test with Spring, NodeJS and Symfony (with FOS) but I'm looking for something really easy to use and to setup but still to have a lot of flexibility (like manage security, users, and data visibility).
Is there a specific technology easy enough to start with ?
If you want to create a Web API and host it, you can perhaps have the look at APISpark (http://restlet.com/products/apispark/). It's an online plateform that allows to design your APIs following REST principles and then host them. The data are also managed by the platform.
Hope it helps.
Thierry

Writing an api-doc for Swagger

I'm trying to use the Swagger UI, and it says that I should begin by writing an api-doc that describes the exact api for a REST api. The problem is that I have no idea what this means. Is this document written in plain English? Or is there a certain format that will be able to generate the UI?
Thank you!
Swagger is a specification for describing REST APIs. Documentation of the specification can be found here - https://github.com/swagger-api/swagger-spec.
Generally, there are two ways to document your API. If you already have an existing API with code, you can use any of the existing libraries (https://github.com/swagger-api/swagger-spec#additional-libraries) to integrate into your code and generate documentation at run time. Some of those libraries also offer offline generation of such docs.
If you're looking to design an API, or would rather not integrate another library into your application, you can use https://github.com/swagger-api/swagger-editor either locally or with the online version - http://editor.swagger.io.
Once you have the documentation, you can use Swagger UI to visualize and test it.

play framework app authentication, user management

Following the Book App example in play 2 for scala, I now have a basic working app.
What I want now is to add some features like
User registration
User authenetication to access some pages
What is the best way to do it in play for scala? Should I manage it by my own? is there a plugin for that?
Note: I'm the maintainer of Silhouette.
I can suggest you Silhouette which is a core only fork of Secure Social with the intention to built a more customizable, non-blocking and well tested implementation.
For the first stable version there are only two open issues which must be resolved. And these issues are only future requests. There are no API changes planed. The documentation must be improved and a sample application is started. The unit tests are also a good starting point.
If you plan to follow the authentication flow as stated by Secure Social then stick with it. It exists since more than two years and it is well tested by many companies. Otherwise take a look at Silhouette.
You have two options:
Secure Social (http://securesocial.ws/)
But it has unusual registration flow, where the user have to enter your email first, and receive link to registration form.
However, there is a pull request that address this issue (https://github.com/jaliss/securesocial/pull/260)
Play Authenticate
It doesn't support Scala out of the box. But there is a workaround created by me here: https://github.com/joscha/play-authenticate/issues/92
Both of them requires you to write the interface layer to database. An important drawback in both of them, is that you won't be able to make use of reactive database drivers like Reactive Mongo. they assume that you will return the results immediately, not a Future of the result.
There is a securesocial plugin (http://securesocial.ws). Covers most common authentication methods, has registration stuff. I found it very usefull.
The drawback is it's documentation. If you want to do something a bit differ from the simplest scenarios - be prepared to read through the source code.

Rest with oauth2

I'm using this library with my codeigniter rest service. Basically, I have a REST_controller, that is inherited, and checks for a valid token, using that library.
All I want is to provide an API to secure some of the API methods.
Now, I'm lost reading most of the specs for oauth2 and tutorials regarding that library.
Can anyone help me, proving good tutorials, examples and explanations on I can achieve, a simple login system and then, call user authenticated methods.
Thanks in advance
Just constructed a pictorial tutorial for OAuth2.0 specs. In case you may find this useful:
Tutorial : http://restful-fundamentals.blogspot.in/2013/04/oauth-20-introducation.html
Also adding a web app demo demostrating the different Authorisation Grants flows. It contains the path to the google code as well as some other tips.
http://restful-fundamentals.blogspot.in/2013/04/svn-repository-oauth20-spectifications.html
***Your comments at that blog may be useful to me to improve the contents there*
I did a demo using spring MVC and spring security you can find source code here

Is Meteor an option, if i need an additional REST API?

I'm, going to write a web app, which should be CRUD accessible from both, the web and native mobile device apps. For the latter i'm definitely committed to a REST API. Is it possible to realize that with Meteor.com ? Would it be an option to use Meteor for just the web and a second REST interface to directly talk to the mongo? Since the meteor client listens for changes in the mongodb this should not cause conflicts, does it?
As of 2015, look at Gadi's answer for the Meteorpedia entry on REST APIs, and at krose's answer comparing REST API packages. Discussion for folding REST APIs into core is on Hackpad. This question is a duplicate of How to expose a RESTful service with Meteor, which has much better answers. -- Dan Dascalescu
Old answer (2012) below.
For adding RESTful methods on top of your data, look into the Collection API written for Meteor:
https://github.com/crazytoad/meteor-collectionapi
As for authentication for accessing the database, take a look at this project:
https://github.com/meteor/meteor/wiki/Getting-started-with-Auth
Both are definitely infantile in development, but you can create a RESTful API and integrate it with a mobile native client pretty easily.
There are a lot of duplicates of this question. I did a full write-on on this in Meteorpedia which I believe covers all issues:
http://www.meteorpedia.com/read/REST_API
The post reviews all 6 options for creating REST interfaces, from highest level (e.g. smart packages that handle everything for you) to lowest level (e.g. writing your own connectHandler).
Additionally the post covers when using a REST interface is the right or wrong thing to do in Meteor, references Meteor REST testing tools, and explains common pitfalls like CORS security issues.
If you are planning to develop a production application, then Meteor is not an option right now. Its under constant change, and there are still many common features it has to support before its ready to use, which will be quite some time.
For your Question, Somebody has already asked and answered the question about support for file uploading in meteor(also contains HTTP handing related information).
How would one handle a file upload with Meteor?