Oauth2 provider (Doorkeeper?) Is an Oauth2 user (Devise + OmniAuth) to login

Oauth2 is driving me crazy.

Currently my Rails app is authenticating users with Facebook and soon other Oauth2 providers, thanks to the beauty of Devise and OmniAuth. The user cannot enter the system with a username and password.

But since my application is mainly an API, I also want it to act as an Oauth2 provider for data protection.

So the user logs in with Facebook -> my app, gets an access token and then -> provides the user with a new access token to access my API -> my AngularJS app (or any other app) uses that token to access my API without Facebook knowing or a Google Access token. It looks like I need to send an Oauth2 token to the client using a custom provider.

I discovered the gatekeeper gem ... but I can't figure out how to frame it with Devise and Omniauth.

I found many partial answers here, but no complete one.

I would be grateful for any help, good tutorial or more complete answers.

+3


1 answer


Here's a simple tutorial to get you started. Thanks Andrea!
1. Server application (Devise + Doorkeeper)
http://dev.mikamai.com/post/110722727899/oauth2-on-rails
2. Client application (omniauth-oauth2)
http://dev.mikamai.com/post/112508735689/oauth2-on-rails-the-client-application

Postscript: minor errors!
1. When you create the APP_ID and SECRET_ID for the client application from the server application with http://localhost:3000/oauth/applications/new, enter the callback URL http://localhost:3001/auth/doorkeeper/callback

Or, if you see this after the error, go back to http://localhost:3000/oauth/applications/ and edit the callback URL. We cannot use http://localhost:3001/doorkeeper/callback because this is not the route the tutorial uses from the client application.
2. In the client application, enable the callback action definition as shown below and change the to_json method to as_json.

../OAuth-client/application/controllers/application_controller.rb



class ApplicationController < ActionController::Base
  # Prevent CSRF attacks by raising an exception.
  # For APIs, you may want to use :null_session instead.
  protect_from_forgery with: :exception
  def authentication_callback
    auth = request.env['omniauth.auth']
    render json: auth.as_json
  end

end

      

Hooray!

+7
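
The callback URL mismatch described in the answer comes from the provider comparing the client's redirect_uri against the one registered for the application. The sketch below is an added example, not code from the answer, the tutorial or Doorkeeper; it assumes exact matching on scheme, host, port, path and query, and the helper names are hypothetical.

```ruby
require 'uri'

# Callback registered on the provider (value from the answer's localhost setup).
REGISTERED_CALLBACKS = ['http://localhost:3001/auth/doorkeeper/callback'].freeze
PART_NAMES = %w[scheme host port path query].freeze

# Reduce a URI to the parts that must match exactly.
# Returns nil when the value cannot serve as a redirect target.
def callback_parts(raw)
  uri = URI.parse(raw)
  return nil unless uri.is_a?(URI::HTTP) && uri.host # absolute http(s) only
  return nil if uri.fragment || uri.userinfo         # no fragments or credentials
  [uri.scheme.downcase, uri.host.downcase, uri.port, uri.path, uri.query]
rescue URI::InvalidURIError
  nil
end

# Hypothetical helper: true only when the requested redirect_uri is an
# exact match for a callback registered on the application.
def redirect_uri_allowed?(requested, registered = REGISTERED_CALLBACKS)
  wanted = callback_parts(requested)
  return false if wanted.nil?
  registered.any? { |r| callback_parts(r) == wanted }
end

# Hypothetical helper: name the parts that differ from the first registered
# callback, so a misconfigured client is quick to diagnose.
def explain(requested, registered = REGISTERED_CALLBACKS)
  return 'ok' if redirect_uri_allowed?(requested, registered)
  wanted = callback_parts(requested)
  return 'rejected: not a usable redirect URI' if wanted.nil?
  ref = callback_parts(registered.first)
  diff = PART_NAMES.each_index.reject { |i| ref[i] == wanted[i] }
  "rejected: differs in #{diff.map { |i| PART_NAMES[i] }.join(', ')}"
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample requests: the tutorial's route, then the one the answer warns about.
  ['http://localhost:3001/auth/doorkeeper/callback',
   'http://localhost:3001/doorkeeper/callback'].each do |u|
    puts "#{u} -> #{explain(u)}"
  end
end
```

Matching the whole URI rather than a prefix or the host alone keeps authorization codes from being delivered to any endpoint other than the one the application owner registered.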

