How to authenticate a User with a corporate OAuth2 API


How to authenticate a User with a corporate OAuth2 API

Serguei Cambour
I have a corporate OAuth 2.0 API that every application should use to authenticate its users. This API requires a request to have the following parameters:
  • response_type : must be set to "token"
  • client_id : client identifier for the application
  • redirect_uri : URI for the callback
  • state : a random value used by the client to maintain state between the request and callback
Example:

HTTP GET
https://corporate.auth.com/authorize?response_type=token&client_id=mySinglePageApp&state=myAppRandomState&redirect_uri=http%3A%2F%2Fmyapp%2Fcallback

If the user is not authenticated, the standard corporate login page is displayed to enter user name and password.
If the user is authenticated after submitting his user name and password, he is redirected to the client callback URL with an API generated token:

HTTP 302 Redirect
Location https://myapp/callback#access_token=2YotnFZFEjr1zCsicMWpAA&type=Bearer&expire_in=3600&state=myAppRandomState


What is the way to go to connect a Rails app to this API ? Should I use the Devise gem for that ? Any other solutions ?

Thank you!

--
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To post to this group, send email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/rubyonrails-talk/42651038-d802-4e1d-bdb6-8b89cf6e8f38%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
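
Added example, not part of the original thread or of any gem mentioned in it: a plain-Ruby sketch of the request and callback described in the post above, generating an unguessable `state`, building the authorize URL, and accepting the returned token only when the `state` in the callback matches the stored one. The method names are hypothetical, and because a browser never sends the `#fragment` to the server, it assumes client-side code hands the full callback URL to the application.

```ruby
require "securerandom"
require "uri"

# Endpoint, client_id and callback are the sample values from the post.
AUTHORIZE_ENDPOINT = "https://corporate.auth.com/authorize"
CLIENT_ID = "mySinglePageApp"
REDIRECT_URI = "http://myapp/callback"

# Build the authorization URL with a fresh, unguessable state.
# Returns [url, state]; the caller keeps state in the user's session.
def build_authorize_request
  state = SecureRandom.urlsafe_base64(32)
  query = URI.encode_www_form(
    response_type: "token",
    client_id: CLIENT_ID,
    state: state,
    redirect_uri: REDIRECT_URI
  )
  ["#{AUTHORIZE_ENDPOINT}?#{query}", state]
end

# Byte-wise comparison that does not stop at the first difference.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Parse the callback fragment; return the token data only when the
# returned state equals the one stored for this session, else nil.
def token_from_callback(callback_url, expected_state)
  fragment = URI.parse(callback_url).fragment
  return nil if fragment.nil? || expected_state.to_s.empty?

  params = URI.decode_www_form(fragment).to_h
  return nil unless secure_equal?(params["state"].to_s, expected_state)

  token = params["access_token"].to_s
  return nil if token.empty?
  { access_token: token, type: params["type"], expire_in: params["expire_in"].to_i }
rescue URI::InvalidURIError, ArgumentError
  nil
end
```

A fixed string such as `myAppRandomState` gives no protection; the check only helps when `state` is random per request and bound to the user's session.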

Re: How to authenticate a User with a corporate OAuth2 API

Walter Lee Davis
Have you looked at OmniAuth yet? That's how I would try to connect to an OAuth provider. There is a Devise strategy for OmniAuth. All the documentation you will find will show you how to connect via Facebook or Twitter or whatnot, but it's the same drill no matter which provider you choose.

Walter

> On Dec 22, 2017, at 3:51 AM, belgoros <[hidden email]> wrote:
>
> I have a corporate OAuth 2.0 API that every application should use to authenticate its users. This API requires a request to have the following parameters:
> • response_type : must be set to "token"
> • client_id : client identifier for the application
> • redirect_uri : URI for the callback
> • state :  a random value used by the client to maintain state between the request and callback
> Example:
>
> HTTP GET
> https://corporate.auth.com/authorize?response_type=token&client_id=mySinglePageApp&state=myAppRandomState&redirect_uri=http%3A%2F%2Fmyapp%2Fcallback
>
> If the user is not authenticated, the standard corporate login page is displayed to enter user name and password.
> If the user is authenticated after submitting his user name and password, he is redirected to the client callback URL with an API generated token:
>
> HTTP 302 Redirect
> Location https://myapp/callback#access_token=2YotnFZFEjr1zCsicMWpAA&type=Bearer&expire_in=3600&state=myAppRandomState
>
>
> What is the way to go to connect a Rails app to this API ? Should I use the Devise gem for that ? Any other solutions ?
>
> Thank you!
>

Re: How to authenticate a User with a corporate OAuth2 API

Serguei Cambour


On Friday, 22 December 2017 16:05:09 UTC+1, Walter Lee Davis wrote:
> Have you looked at OmniAuth yet? That's how I would try to connect to an OAuth provider. There is a Devise strategy for OmniAuth. All the documentation you will find will show you how to connect via Facebook or Twitter or whatnot, but it's the same drill no matter which provider you choose.
>
> Walter

Thanks a lot Walter. Did you mean OmniAuth gem ?

> On Dec 22, 2017, at 3:51 AM, belgoros <s.ca...@...> wrote:
>
> I have a corporate OAuth 2.0 API that every application should use to authenticate its users. This API requires a request to have the following parameters:
>         • response_type : must be set to "token"
>         • client_id : client identifier for the application
>         • redirect_uri : URI for the callback
>         • state :  a random value used by the client to maintain state between the request and callback
> Example:
>
> HTTP GET
> https://corporate.auth.com/authorize?response_type=token&client_id=mySinglePageApp&state=myAppRandomState&redirect_uri=http%3A%2F%2Fmyapp%2Fcallback
>
> If the user is not authenticated, the standard corporate login page is displayed to enter user name and password.
> If the user is authenticated after submitting his user name and password, he is redirected to the client callback URL with an API generated token:
>
> HTTP 302 Redirect
> Location https://myapp/callback#access_token=2YotnFZFEjr1zCsicMWpAA&type=Bearer&expire_in=3600&state=myAppRandomState
>
>
> What is the way to go to connect a Rails app to this API ? Should I use the Devise gem for that ? Any other solutions ?
>
> Thank you!
>

Re: How to authenticate a User with a corporate OAuth2 API

Walter Lee Davis
Precisely. There's <strike>a</strike> MANY RailsCast(s) about it, long out of date, but still relevant enough to give you the basic idea of how it works.

http://railscasts.com/episodes?utf8=✓&search=omniauth

Walter

> On Dec 22, 2017, at 10:08 AM, belgoros <[hidden email]> wrote:
>
> Thanks a lot Walter. Did you mean OmniAuth gem ?
>


Re: How to authenticate a User with a corporate OAuth2 API

Serguei Cambour


On Friday, 22 December 2017 16:58:30 UTC+1, Walter Lee Davis wrote:
> Precisely. There's <strike>a</strike> MANY RailsCast(s) about it, long out of date, but still relevant enough to give you the basic idea of how it works.
>
> http://railscasts.com/episodes?utf8=✓&search=omniauth
>
> Walter

Yes, I saw it, - as you noticed, most of them are outdated. Thank you!

> On Dec 22, 2017, at 10:08 AM, belgoros <s.ca...@...> wrote:
>
> Thanks a lot Walter. Did you mean OmniAuth gem ?
>


Re: How to authenticate a User with a corporate OAuth2 API

Walter Lee Davis

> On Dec 22, 2017, at 11:00 AM, belgoros <[hidden email]> wrote:
>
>
>
> On Friday, 22 December 2017 16:58:30 UTC+1, Walter Lee Davis wrote:
> Precisely. There's <strike>a</strike> MANY RailsCast(s) about it, long out of date, but still relevant enough to give you the basic idea of how it works.
>
> http://railscasts.com/episodes?utf8=✓&search=omniauth 
>
> Walter
>
> Yes, I saw it, - as you noticed, most of them are outdated. Thank you!
>

Well worth watching anyway, they give you the gist of how to integrate, even if you need to translate up to modern idiom in places. It's like learning on hand tools, and then graduating to the machine shop!

Walter

> > On Dec 22, 2017, at 10:08 AM, belgoros <[hidden email]> wrote:
> >
> > Thanks a lot Walter. Did you mean OmniAuth gem ?
> >
>
>