[英]How do I authenticate a user if they are not using my web (rails) application, e.g. using an API
I have created a Rails (3.2) application that uses the OmniAuth gem to provide OAuth authentication. 我创建了一个使用OmniAuth gem提供OAuth身份验证的Rails(3.2)应用程序。 Users can log into the site using their Twitter, Facebook or Google credentials, pretty bog-standard functionality.
用户可以使用自己的Twitter,Facebook或Google凭据登录到该站点,这是非常糟糕的标准功能。
I now want to make the data available via an API so it can be consumed outside of my web application, however, users would still have to login to be able to access their data. 我现在想通过API提供数据,以便可以在我的Web应用程序之外使用它,但是,用户仍然必须登录才能访问其数据。 How do I do this in my Rails APP?
如何在Rails APP中执行此操作? And what would the user have to do to be able to call this?
用户必须怎么做才能拨打电话?
UPDATE Some people are suggesting "alternative" authentication methods, but I am wondering if I cannot use the same OAuth credentials I already have for them. 更新有些人建议使用“替代”身份验证方法,但是我想知道我是否不能使用已经为它们使用的相同OAuth凭据。 I don't want them to have to provide another username/pwd, I want them to be able to use their Twitter, Facebook or Google Identities as they do when they use the WebUI.
我不想他们必须提供其他用户名/密码,我希望他们能够像使用WebUI一样使用其Twitter,Facebook或Google身份。
authenticate_with_http_basic (or digest if you like) might work for you, called from a before filter in the controller. 从控制器中的before过滤器调用的authenticate_with_http_basic(如果需要,也可以摘要)可能对您有用。
You can test with curl, using the --user parameter. 您可以使用--user参数对curl进行测试。
Here's a good thread on the topic: In Ruby on Rails, what does authenticate_with_http_basic do? 这是一个关于该主题的好线程: 在Ruby on Rails中,authenticate_with_http_basic有什么作用?
Devise has the feature token authentication which is what you are looking for. Devise具有所需的功能令牌认证。
Also visit http://zyphmartin.com/blog/simple-auth-token-example-with-devise 另请访问http://zyphmartin.com/blog/simple-auth-token-example-with-devise
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.