Authenticating Web and Mobile to Rails API

I am reading the Service Oriented Design with Ruby book by Paul Dix and many posts here but am left with many questions surrounding authenticating users and the application.

I want to have api.site.com as a RESTful Rails app serving up JSON. Secure.site.com will be a web app (maybe Rails or maybe PHP) that will consume the service. Also a mobile app such as iPad will also consume it.

So is the first step to build in a level of auth so that only my web app and mobile app can consume the service? Then once the calling app has been authenticated, both these apps will have users who want to CRUD their data so then authenticate them as well?

I've read about HTTP basic, digest, tokens, OAuth and many plugins but am having a difficult time narrowing down the most flexible and reusable way. For now this is simply learning so I would like to stay away from plugins so I can learn the code better.

Can my web app use normal sessions like I'm familiar with and then the mobile use their equivalent to sessions? At that point I still have not authenticated the calling app though. HTTP basic seemed like I could use it from both, but I didn't see a way for my web app to use a normal login form and logging out seemed like an issue.

I would suggest two solutions for you.

  1. Use a gem like Devise for the login system and inherit from the Devise registration and sessions controllers to make them respond to JSON requests.

  2. Create your own simple authentication and use respond to HTML and respond to JSON for separating web and mobile login.

I am not totally sure whether a mobile device maintains a session (please look around) but you can always use a token authentication system if it doesn't.
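A sketch of the token authentication system mentioned above, in plain Ruby with no gems, added here as an illustration and not part of the original answer. The class and method names (`TokenStore`, `issue`, `authenticate`, `revoke`) are hypothetical, and the in-memory hash stands in for a database table; it also shows how logout works with tokens, which the question raised as a problem with HTTP basic.

```ruby
require 'securerandom'
require 'digest'

# Added illustration: TokenStore and its methods are hypothetical names.
class TokenStore
  TTL = 3600 # seconds a token stays valid (constructed value)

  def initialize(clock: -> { Time.now.to_i })
    @clock = clock
    @rows = {} # digest => { user_id:, expires_at: }; stands in for a DB table
  end

  # Call after the login form or JSON login has verified the password.
  # Returns the raw token once; only its SHA-256 digest is stored, so a
  # leaked table does not hand out usable tokens.
  def issue(user_id)
    token = SecureRandom.urlsafe_base64(32)
    @rows[digest(token)] = { user_id: user_id, expires_at: @clock.call + TTL }
    token
  end

  # Takes the raw Authorization header value, e.g. "Bearer <token>".
  # Returns the user id, or nil if the token is missing, malformed,
  # unknown, expired or revoked.
  def authenticate(header)
    token = bearer(header)
    return nil unless token
    row = @rows[digest(token)]
    return nil unless row
    if row[:expires_at] <= @clock.call
      @rows.delete(digest(token)) # drop expired rows as they are seen
      return nil
    end
    row[:user_id]
  end

  # Logout: delete the server-side row so the token stops working at once.
  def revoke(header)
    token = bearer(header)
    !!(token && @rows.delete(digest(token)))
  end

  private

  def bearer(header)
    header.to_s[/\ABearer (\S+)\z/, 1]
  end

  def digest(token)
    Digest::SHA256.hexdigest(token)
  end
end
```

In a Rails controller the header would come from `request.headers['Authorization']`, and both the web app and the mobile app would send the token over HTTPS on every request.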
