How to authenticate a User with a corporate OAuth2 API

20 views
Skip to first unread message

belgoros

unread,
Dec 22, 2017, 3:51:47 AM12/22/17
to Ruby on Rails: Talk
I have a corporate OAuth 2.0 API that every application should use to authenticate its users. This API requires a request to have the following parameyers:
  • response_type : must be set to "token"
  • client_id : client identifier for the application
  • redirect_uri : URI for the callback
  • state : a random value used by the client to maintain state between the request and callback
Example:


If the user is not authenticated, the standard corporate login page is displayed to enter user name and password.
If the user is authenticated after submitting the his user name and password, he is redirected to the client callback URL with an API generated token:



What is the way to go to connect a Rails app to this API ? Should I the use the Devise gem for that ? Any other solutions ?

Thank you!

Walter Lee Davis

unread,
Dec 22, 2017, 10:05:09 AM12/22/17
to rubyonra...@googlegroups.com
Have you looked at OmniAuth yet? That's how I would try to connect to an OAuth provider. There is a Devise strategy for OmniAuth. All the documentation you will find will show you how to connect via Facebook or Twitter or whatnot, but it's the same drill no matter which provider you choose.

Walter
> --
> You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to rubyonrails-ta...@googlegroups.com.
> To post to this group, send email to rubyonra...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/rubyonrails-talk/42651038-d802-4e1d-bdb6-8b89cf6e8f38%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.

belgoros

unread,
Dec 22, 2017, 10:08:51 AM12/22/17
to Ruby on Rails: Talk


On Friday, 22 December 2017 16:05:09 UTC+1, Walter Lee Davis wrote:
Have you looked at OmniAuth yet? That's how I would try to connect to an OAuth provider. There is a Devise strategy for OmniAuth. All the documentation you will find will show you how to connect via Facebook or Twitter or whatnot, but it's the same drill no matter which provider you choose.

Walter
Thanks a lot Walter. Did you mean OmniAuth gem

Walter Lee Davis

unread,
Dec 22, 2017, 10:58:30 AM12/22/17
to rubyonra...@googlegroups.com
Precisely. There's <strike>a</strike> MANY RailsCast(s) about it, long out of date, but still relevant enough to give you the basic idea of how it works.

http://railscasts.com/episodes?utf8=✓&search=omniauth

Walter

belgoros

unread,
Dec 22, 2017, 11:00:01 AM12/22/17
to Ruby on Rails: Talk


On Friday, 22 December 2017 16:58:30 UTC+1, Walter Lee Davis wrote:
Precisely. There's <strike>a</strike> MANY RailsCast(s) about it, long out of date, but still relevant enough to give you the basic idea of how it works.

http://railscasts.com/episodes?utf8=✓&search=omniauth

Walter

Yes, I saw it, - as you noticed, most of them are outdated. Thank you! 

Walter Lee Davis

unread,
Dec 22, 2017, 11:03:42 AM12/22/17
to rubyonra...@googlegroups.com

> On Dec 22, 2017, at 11:00 AM, belgoros <s.ca...@gmail.com> wrote:
>
>
>
> On Friday, 22 December 2017 16:58:30 UTC+1, Walter Lee Davis wrote:
> Precisely. There's <strike>a</strike> MANY RailsCast(s) about it, long out of date, but still relevant enough to give you the basic idea of how it works.
>
> http://railscasts.com/episodes?utf8=✓&search=omniauth
>
> Walter
>
> Yes, I saw it, - as you noticed, most of them are outdated. Thank you!
>

Well worth watching anyway, they give you the gist of how to integrate, even if you need to translate up to modern idiom in places. It's like learning on hand tools, and then graduating to the machine shop!

Walter

> > On Dec 22, 2017, at 10:08 AM, belgoros <s.ca...@gmail.com> wrote:
> >
> > Thanks a lot Walter. Did you mean OmniAuth gem ?
> >
>
>
> --
> You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to rubyonrails-ta...@googlegroups.com.
> To post to this group, send email to rubyonra...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/rubyonrails-talk/7ccd0027-1257-4045-b159-fced74928411%40googlegroups.com.
Reply all
Reply to author
Forward
0 new messages