sorcery
sorcery copied to clipboard
NoamB
Token authentication
Hi Noam. Great work on the Sorcery gem. Is token authentication something that would find it's way into Sorcery on day?
Yes, it's been asked for a few times. Since v0.7.0 is nearly done, it is set for v0.8.0. The issue will stay here until it's done. Thanks.
Great to hear. I will keep plugging away with Sorcery then. Look forward to the 0.8.0.0 release!
Thanks for your hard work, making mine easier!
Token authentication would be great for use with mobile app backends and Web Services :)
I'll try and look into this over the weekend. Maybe I can submit a pull request!
Anyway, +1 from me.
+1
Would love to see this feature, would really make mobile-development easier :)
Hi, I'm not getting to it...
I was thinking about an API like this:
require_login :token_allowed => true, :only => [:json]
This way it extends require_login to allow or disallow tokens, and only for specific formats.
I would probably do it in a new submodule.
If anyone wants to 'lift the glove', it shouldn't be much trouble implementing.
On Fri, Mar 30, 2012 at 3:19 PM, Henning M. Stephansen < [email protected]
wrote:
+1
Would love to see this feature, would really make mobile-development easier :)
Reply to this email directly or view it on GitHub: https://github.com/NoamB/sorcery/issues/70#issuecomment-4841349
Actually require_login has all the options of a before filter, so I shouldn't touch 'only'.
Maybe another before filter, allows_token_authentication.
Not sure. How is it done in other gems?
Atm I'm building my app in the hope token authentication comes along before I start building my API.
Seeing this feature in there would be a massive +100 from me
+1
Authlogic was a good one for this back in the day although it's methodology may be outdated now, I'm not sure: see Single Access Token module and Session Params module
I'm thinking this design:
- on password creation/update create another field - auth_token
- a new before_filter - 'allow_token_authentication' needs to be placed in the controller (along with options like format and allowed actions). This sets some var for this controller, and when 'auto_login' is called under the hood, it will try to login from the auth_token as well.
Also the whole thing might be a new submodule and not in the default.
That design sounds ideal, only side note I'd say is allowing the auth_token to generated on request by the application as well and not just when the password gets touched.
+1 What do you think about integrate something like this http://railscasts.com/episodes/352-securing-an-api?view=asciicast
Now that sorcery 0.8.0 has been released how do I use this feature? A tiny example would be nice. :)
I'm curious as to the status of this. Think it's okay to manually implement my own token authentication using authenticate_or_request_with_http_token in my rails-api app in the meantime?
I am working on an api using sorcery and this is certainly something I'd love to have.
Hello everybody, hi Noam.
I just sent a pull request that adds supports for access tokens in RESTful JSON APIs and extends the external submodule to support OAuth 2.0 For Login (client side flow).
https://github.com/NoamB/sorcery/pull/415
I needed this for a pet project that I have been working on my free time, an angularjs app with rails-api as the backend server.
I would really appreciate if you guys could test it, code reviews would be great too.
Support for mongoid and mongomapper is included, but I don't use mongodb so if you plan to use it please do review the code to make sure everything works correctly.
Instructions are in the README.
Let me know what you guys think.
Regards,
@ fzagarzazu Awesome! +1
Would be nice with a small demo app on github demonstrating this feature :) Cheers!
I have just published a quick demo with rails-api and OAuth 2.0 for login.
https://github.com/fzagarzazu/sorcery_access_token_demo
Hope it helps, regards,
@kristianmandrup
Three years have passed :) I am sure it will be easier to implement app-specific solution
