Using single access token as an API key
170 views
Skip to first unread message
Przemek M.
Dec 17, 2010, 7:46:46 AM12/17/10
to Authlogic
Hello!
I have some troubles trying to use single access token as an API key
to the rails application interface. I'd like to describe it in details
here, hopefully gaining Your help.
______________________________________________________
SITUATION:
I have separated namespace for API controllers and the parent
controller for whole API (class Api1::APIController <
ApplicationController).
I'd like to filter requests to all actions checking if they pass some
api key parameter (I mean single access token generated for 'Client'
that connects through this interface)
I have also User model using authlogic but with cookies and sessions.
Here want to have Client (mobile app) sending requests containing api
key (single access token).
MODELS:
class Client < ActiveRecord::Base
acts_as_authentic do |c|
end
end
class ClientSession < Authlogic::Session::Base
single_access_allowed_request_types = :all
end
CONTROLLER:
class Api1::APIController < ApplicationController
protect_from_forgery :except => [:create, :update]
before_filter :check_api_key
private
def check_api_key
@client_session = ClientSession.new(params[:client_session])
unless @client_session.valid?
render :json => @client_session.errors, :status => :unauthorized
end
end
end
Now I'm trying to send API request:
curl -X GET -H 'Accept: application/json'
http://localhost:3000/api1/articles?client_credentials=abcabcabc
The response is that I did not provide any authentication details...
______________________________________________________
What do I wrong? What is missing? Maybe some configuration in Client
model?
There are about 5-6 nice examples to be found in the web however
(actually this what I wrote is based on them) but no one works for me
and I wonder why...
So, 'how do You do it' with Authlogic?
I have some troubles trying to use single access token as an API key
to the rails application interface. I'd like to describe it in details
here, hopefully gaining Your help.
______________________________________________________
SITUATION:
I have separated namespace for API controllers and the parent
controller for whole API (class Api1::APIController <
ApplicationController).
I'd like to filter requests to all actions checking if they pass some
api key parameter (I mean single access token generated for 'Client'
that connects through this interface)
I have also User model using authlogic but with cookies and sessions.
Here want to have Client (mobile app) sending requests containing api
key (single access token).
MODELS:
class Client < ActiveRecord::Base
acts_as_authentic do |c|
end
end
class ClientSession < Authlogic::Session::Base
single_access_allowed_request_types = :all
end
CONTROLLER:
class Api1::APIController < ApplicationController
protect_from_forgery :except => [:create, :update]
before_filter :check_api_key
private
def check_api_key
@client_session = ClientSession.new(params[:client_session])
unless @client_session.valid?
render :json => @client_session.errors, :status => :unauthorized
end
end
end
Now I'm trying to send API request:
curl -X GET -H 'Accept: application/json'
http://localhost:3000/api1/articles?client_credentials=abcabcabc
The response is that I did not provide any authentication details...
______________________________________________________
What do I wrong? What is missing? Maybe some configuration in Client
model?
There are about 5-6 nice examples to be found in the web however
(actually this what I wrote is based on them) but no one works for me
and I wonder why...
So, 'how do You do it' with Authlogic?
José Santos
Dec 25, 2010, 8:08:27 AM12/25/10
to Authlogic
Reply all
Reply to author
Forward
0 new messages