使用 Ruby on Rails API 和 React 登录 Google

Question

I'm current trying to implement a login with google as a option to make easier for the user to login and create user.

I have a Rails API that uses devise to login, and a front using React that makes requests to that Rails 5 API.

Im not sure if I have to do all this login on back end or at front end, my greatest problem is create a user when login with google, because I cannot create a user without a password.

I never created this kinda of login system so I'm not sure how works, I believe I have to implement all in back end, using the google oauth gem, but I wanna know if someone has tips how to do it.

Should I use react components only? Rails gems only? or both is the correct answer?

Thank you.

Answer 1

I could give you the direction to this.

First thing, you have to figure out which grant flow you are going to use in OAuth provider.

There are four ways to do it, I only list the most common two ways.

1. Code Grant Flow (Used in website, omniauth-google or similar gem using this way)

2. Implicit Grant Flow (Native app, it means you have to do the OAuth flow in front-end)

If you are going to implement API server, you should consider the second way.

Because API server should be stateless, the first way need session to save the state of OAuth flow.

Besides, devise is not a good idea to implement API server, you should consider jwt or something token-based authentication.

Although, you could enable session store within rails API to use devise or omniauth-series .

If you want to do all the OAuth in front-end, go with the second way.

Or you could simply add button link to your OAuth callback url in your react component, then your web server will deal with your OAuth flow(This is the first way).

After considering your situation, I suggest you use the first way.

Because there are many resource about devise and omniauth-series you could find on internet.