
Best authentication method to grant API access to Rails app

I would like to offer authenticated API access to my web app. The consumers of such a service are typically other web sites/services.

What would be the best method of authenticating these users? OAuth, OpenID, HTTP authentication?

As with so much in our line of work, the answer to "which is best?" is "it depends." :)

  • HTTP Authentication - If you're already letting clients log in to your service via an ID and password, you'll probably only have to do minimal work to get this to play nicely with your API. If your API is basically mono-purpose and doesn't require detailed permissions, you can get something working fairly quickly here.

  • API Token - If you want clients to be able to authenticate easily without providing a password (think companies that build a service that interacts with your API; maybe the IT dept. doesn't want the dev. team knowing the passwords; etc.), then attaching a random API token à la GitHub to the user account is probably the quickest way to go. As a bonus, you can supply a method for regenerating the API token without having to change the account password.

  • OAuth - If you have multiple permissions or want finer-grained control over how and when a client can access your API, OAuth is a pretty good bet (OAuth2 is much easier to work with, IMO, and supports multiple methods of obtaining an access token). Furthermore, many languages have libraries, gems, etc. that will allow them to simplify the OAuth workflow.
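The "API token" option above, worked through as an added example (not code from the original answer): a framework-free Ruby stand-in for the Rails side that issues a random per-account token, stores only its SHA-256 digest so a leaked database does not yield usable tokens, rotates the token independently of the password, and resolves an incoming `Authorization` header to an account. The `ApiTokenAuth` class, its method names and the account names are assumptions for illustration.

```ruby
require "securerandom"
require "digest"

# Constructed stand-in for the token side of a Rails user model. Passwords
# (e.g. has_secure_password) live elsewhere; this only tracks API tokens,
# which is what lets a token be regenerated without touching the password.
class ApiTokenAuth
  def initialize
    # SHA-256 hex digest of a live token => account identifier.
    # Only digests are stored; the plaintext token is shown to the client once.
    @accounts_by_digest = {}
  end

  # Issue a fresh random token for an account, invalidating any previous one.
  # Returns the plaintext token, the only time it is ever available server-side.
  def regenerate_token(account)
    @accounts_by_digest.delete_if { |_digest, acct| acct == account }
    token = SecureRandom.urlsafe_base64(32)  # 256 bits of randomness
    @accounts_by_digest[Digest::SHA256.hexdigest(token)] = account
    token
  end

  # Resolve an Authorization header to an account, or nil when the header is
  # missing, malformed, or carries a token that is unknown or already rotated.
  def authenticate(authorization_header)
    token = extract_token(authorization_header)
    return nil if token.nil?
    @accounts_by_digest[Digest::SHA256.hexdigest(token)]
  end
end

# Accept the two header forms Rails' HTTP token helpers understand:
#   Authorization: Token token="<token>"
#   Authorization: Bearer <token>
# Anything else (Basic, empty, nil) yields nil rather than raising.
def extract_token(authorization_header)
  return nil if authorization_header.nil?
  m = authorization_header.match(/\A(?:Token\s+token="([^"]+)"|Bearer\s+(\S+))\z/)
  m && (m[1] || m[2])
end

if __FILE__ == $PROGRAM_NAME
  auth = ApiTokenAuth.new
  token = auth.regenerate_token("acme-integration")  # constructed account name
  puts auth.authenticate(%(Token token="#{token}"))  # acme-integration
  auth.regenerate_token("acme-integration")          # rotate: old token dies
  p auth.authenticate("Bearer #{token}")             # nil
end
```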

I would say the "best" method is OAuth. It's more flexible and it can be application independent for further uses. I am using OAuth to authenticate my clients (applications).

;)
