correct method for creating a Session from a single_access_token?

15 views
Skip to first unread message

David van Geest

unread,
Sep 29, 2011, 2:24:27 PM9/29/11
to auth...@googlegroups.com
Hi,

I'm trying to create a Session from a single_access_token, passed in the HTTP request using ?user_credentials=<the key>.

In my application controller, I have the following:

class ApplicationController < ActionController::Base
....
  protected
    def current_base_station
      return @current_base_station if defined?(@current_base_station)
      @current_base_station = current_base_station_session && current_base_station_session.base_station
    end  

    def current_base_station_session
      @current_base_station_session = BaseStationSession.create(params)
      puts @current_base_station_session.inspect
    end

 private
    def require_base_station
      unless current_base_station
        # return an auth failure here
        return false
      end
    end
....
end

I call require_base_station as a before_filter from my API controller.

The line after the BaseStationSession.create outputs the following:

#<BaseStationSession: no credentials provided>

I've confirmed that the params hash is as expected:

Started GET "/base_stations/1?user_credentials=an_api_key" for 127.0.0.1 at Thu Sep 29 11:08:02 -0700 2011
  Processing by BaseStationsController#show as HTML
  Parameters: {"user_credentials"=>"an_api_key", "id"=>"1"}

I've tried passing various options to the create method, but I get the same "no credentials provided" every time.  What am I doing wrong here?

Thanks for your help!

--
David van Geest
Software Engineer
Spindance, Inc.
616.355.7000 x113

David van Geest

unread,
Oct 3, 2011, 1:27:47 PM10/3/11
to auth...@googlegroups.com
On Thu, Sep 29, 2011 at 11:24 AM, David van Geest <dav...@spindance.com> wrote:

What am I doing wrong here?


I did get this to work, but not the way the gem intends.  Here's my new current_base_station_session method:

    def current_base_station_session
      bss = nil
      if request.format == :json
        bs = BaseStation.find_by_single_access_token(params["user_credentials"])
        if !bs.nil?
          bss = BaseStationSession.create(bs)
        end
      end
      bss
    end

This bypasses a lot of the authlogic session creation stuff, including any constraints on the request type allowed to authenticate via the single_access_token (single_access_allowed_request_types which you would normally use in BaseStationSession, in this example).  That's why I've got the "request.format == :json" bit in there.

I would really like to know the correct way of doing this.  To be honest, there's a lot of people out there with the same problem, and it seems as if this might be broken. 
Reply all
Reply to author
Forward
0 new messages