Oauth2 workflow for sinatra + angular.js app


Darek F.

Aug 22, 2014, 4:56:20 PM
to rubyonra...@googlegroups.com
We want to build three example apps.

1. sinatra oauth2 provider
2. rails app with angular.js on frontend authenticated through 1 app
3. sinatra on backend and angular.js on frontend authenticated through 1 app

Our Rails/Sinatra app will authenticate users using [Satellizer][1]
and our custom provider.

This is our **OAuth2** workflow right now.

1. Using Satellizer we get the authorization code from the provider. We send this code to our backend.
2. In the backend, using this authorization code, secret key and other params, we send a request to the provider to get an access token.
3. Using this obtained access token we call the '/me' action to get a uid, email and other user attributes from the provider.
4. In the same action we parse the response body and we find or create the user based on uid.
5. We are wondering about this step, which should somehow set the user's authentication token.
   - store the provider access token in the user database record.
   - generate a new authentication token and change it on every request
6. Generate a JWToken with user uid and token and send it back to Satellizer.
7. Then on each request Satellizer includes the Bearer JWToken in the header. After receiving the request our backend verifies the header token stored in the database and calls the sign_in method, in our case devise(sign_in, store: false); maybe in the sinatra app we will use warden.

What do you think about this concept? Maybe we are missing something.
This is our first **OAuth2** authentication implementation and we are
worried about it.

[1]: https://github.com/sahat/satellizer

--
Posted via http://www.ruby-forum.com/.
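Steps 6 and 7 of the workflow in the post above, as an added example that is not part of the original thread and not Satellizer's or Devise's code: the backend issues its own short-lived HS256 token carrying only the uid, then checks the `Authorization: Bearer` header by signature, algorithm and expiry before any user lookup. The names `issue_token`, `uid_from_authorization`, `JWT_SECRET`, the 900-second lifetime and the hand-rolled JWT encoding (standard library only) are assumptions made for illustration.

```ruby
require "openssl"
require "json"

# Constructed demo secret; a real app loads this from configuration.
JWT_SECRET = "constructed-demo-secret-not-for-production"

def b64url(data)
  [data].pack("m0").tr("+/", "-_").delete("=")
end

def b64url_decode(str)
  padded = str.tr("-_", "+/") + "=" * ((4 - str.length % 4) % 4)
  padded.unpack1("m0") # strict mode: raises ArgumentError on bad input
end

def sign(signing_input, secret)
  b64url(OpenSSL::HMAC.digest("SHA256", secret, signing_input))
end

# Constant-time comparison so the check does not leak how many bytes matched.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Step 6: our own token, not the provider's access token, goes to the browser.
def issue_token(uid, secret: JWT_SECRET, ttl: 900, now: Time.now.to_i)
  header  = b64url(JSON.generate({ alg: "HS256", typ: "JWT" }))
  payload = b64url(JSON.generate({ sub: uid, iat: now, exp: now + ttl }))
  input = "#{header}.#{payload}"
  "#{input}.#{sign(input, secret)}"
end

# Step 7: returns the uid for a valid header value, nil for anything else.
def uid_from_authorization(header_value, secret: JWT_SECRET, now: Time.now.to_i)
  scheme, token = header_value.to_s.split(" ", 2)
  return nil unless scheme == "Bearer" && token
  head, body, sig = token.split(".", -1)
  return nil unless sig && token.count(".") == 2
  # Verify the signature before parsing any attacker-controlled JSON.
  return nil unless secure_equal?(sign("#{head}.#{body}", secret), sig)
  # Pin the algorithm instead of trusting the token's own header.
  return nil unless JSON.parse(b64url_decode(head))["alg"] == "HS256"
  claims = JSON.parse(b64url_decode(body))
  return nil unless claims["exp"].is_a?(Integer) && claims["exp"] > now
  claims["sub"]
rescue JSON::ParserError, ArgumentError
  nil
end
```

The uid returned here is what the find-or-create lookup from step 4 would receive; a database check of the token, as the post describes, would come after this verification.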

Robby O'Connor

Aug 22, 2014, 4:58:39 PM
to rubyonra...@googlegroups.com

Why not devise+omniauth?


Darek F.

Aug 22, 2014, 5:01:11 PM
to rubyonra...@googlegroups.com
I am not talking about tools but workflow. I want to understand what is
going on behind the scenes.