
Rails API, Devise & Mobile App.

I am designing a Rails application which will be consumed from a native mobile application. I am new to Rails and thus I feel a bit lost. I want to achieve the following:
• Users of the mobile application should be able to log in using Facebook and invite their friends.
• Users should be authorized in order to call the APIs.

To secure the APIs (I have read so many posts so far), I decided to do the following:
• Use the Devise gem on the service side with token_authenticatable to authenticate the client of the API, i.e. my mobile app.

The workflow is as follows:
• On client app: user logs in using Facebook and obtains a valid token.
• On client app: Facebook token is sent to the service.
• On the service: using the FB graph I will make sure the user is real.
  ◦ If they exist in my db, I will generate a token for the API.
  ◦ Else, I will add them to my db and generate a token for the API.

In my controllers, I am using before_filter :authenticate_user! but that seems to authenticate the user forever. My questions:
• Is this the best way to do this?
• What if the API token is intercepted? Will other users be able to make calls to the API using that token?

Any articles, books, or casts will be appreciated.
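
An added example, not part of the original post: one way to keep an API token from authenticating forever is to give it an expiry and store only its digest, so a copied token is usable only until it expires or is revoked. `ApiTokenStore` and its methods are hypothetical names, the in-memory hash stands in for the users table, and the Facebook token is assumed to have been verified already.

```ruby
require "securerandom"
require "digest"

# Hypothetical in-memory store; a Rails app would keep these fields in the database.
class ApiTokenStore
  Record = Struct.new(:user_id, :digest, :expires_at)

  def initialize(ttl: 3600, clock: -> { Time.now })
    @ttl = ttl          # token lifetime in seconds
    @clock = clock      # injectable clock so expiry can be tested
    @records = {}       # token id => Record
  end

  # Call after the Facebook token has been verified server-side.
  # Returns "<id>.<secret>"; only a SHA-256 digest of the secret is kept.
  def issue(user_id)
    id = SecureRandom.hex(8)
    secret = SecureRandom.urlsafe_base64(32)
    @records[id] = Record.new(user_id, Digest::SHA256.hexdigest(secret), @clock.call + @ttl)
    "#{id}.#{secret}"
  end

  # Returns the user id for a valid, unexpired token, otherwise nil.
  def authenticate(token)
    id, secret = token.to_s.split(".", 2)
    record = @records[id]
    return nil if record.nil? || secret.nil?
    if @clock.call >= record.expires_at
      @records.delete(id) # expired tokens are dropped, forcing a fresh login
      return nil
    end
    secure_equal?(Digest::SHA256.hexdigest(secret), record.digest) ? record.user_id : nil
  end

  # Server-side logout: the token stops working immediately.
  def revoke(token)
    id, = token.to_s.split(".", 2)
    !@records.delete(id).nil?
  end

  private

  # Constant-time comparison of two equal-length strings.
  def secure_equal?(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end
```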

Have you gone through the Hartl tutorial? It's pretty full with information. Once you have a working regular Rails app you can research how to make it more API-like, which isn't hard. Check out this railscast for a place to start. Also, while not free, One Month Rails is simply amazing with their content, and if you are seeking to get serious about web development, I can't recommend them strongly enough.

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address. Any question please contact: yoyou2525@163.com.
