Ryan, can you make a tutorial for using "TOTP: Time-Based One-Time Password Algorithm" or "Multi-Factor Authentication" that is compatible with Google Authenticator, like in Google and AWS? It will be great to add more security :)
See Two-factor Authentication with Rails and the subsequent Using the Google Authenticator App with Rails for tutorials of using 2-factor authentication with Google Authenticator.
Awesome Ryan! Great job. I have one question. Let's say your client app is a mobile app (such as an Android app); would you have to redirect to a browser (out of the app) when trying to log in? The JSON part is OK, as both Android and iOS have libraries for that.
+100 on this episode.
For this I'd recommend looking into using the password grant type which doesn't require setting a callback URL.
Actually, if you look at existing apps that authenticate through Twitter's OAuth, for example, you can see that, indeed, a browser is required to grant access to the account. However, both iOS and Android have an option to launch a browser window within the application itself.
So usually when the user clicks "login through Twitter", you'd fire up a browser screen inside the app that will load the Twitter authentication page. This page is already optimized for mobile, so it will simply show the button to authenticate (or the login fields if the user isn't logged in to Twitter yet). Then you have your app set up to close the webview when a successful request is made, and log the user in.
Facebook is a similar example, except that in this case Facebook requires the app to actually launch the Facebook app, which will handle the authentication and automatically switch back to your app when the authentication is successful.
Here's an example of how to use the password grant type without a callback URL...
curl -i http://localhost:3000/oauth/access_token \
  -F grant_type=password \
  -F client_id=<client id> \
  -F client_secret=<client secret> \
  -F "scope=<scope>" \
  -F username=email@example.com \
  -F password=<password>
Thanks for the clarification.
Thanks for this information. Will be taking a closer look at this.
I've dealt with the same issue on the Titanium Appcelerator mobile platform. We need high security in our app, that's why we cannot apply the password authorization type. So I have set the redirect URI to localhost and I've extracted the grant code directly from the redirect URL. You can check https://github.com/OrganisedMinds/titanium-oauth2-client for your inspiration, but be aware - this is still in development. Anyway, there are already some OAuth 2.0 libraries from Google developers written in Java if you are considering native Android development.
The gem was updated with the fix for whitelist_attributes. Check out version 0.3.4.
This is difficult to grasp when we don't know the big picture. Diagrams are required to introduce the concepts before jumping into code. Also including specs with the code would be helpful.
OAuth 2 is very strange at first sight. It was for me :-)
But in the OAuth 2 spec site there are a few diagrams that might help you, or check out the application examples, like this one.
Excellent screencast as usual. I don't seem to be able to find any documentation, though, on customising the controllers or models. Mainly things like having the applications associated to a specific user etc.
Right now, there's no way to customize controller behaviour specifically, but there's a branch which will allow you to do this.
There's also a pull request related to application customization (ownership). Feel free to comment on that, we need ideas :)
Has anyone got Doorkeeper working with Mongoid?
There are a few forks out there, but we're working on a branch for that. :-)
Is it possible to use rails-api and doorkeeper together? I'm not sure where the Doorkeeper UI should live. Possibly hack it into rails-api or add it to another rails app, what do you think?
I haven't tried yet, but it might work. I think you just need to enable before filters for your API controllers.
When I try to start up my rails (oauth client) app after building my OAuth strategy (identical to Ryan's structurally), I get this error:
undefined method `uid' for OmniAuth::Strategies:Module
Anyone seen this error before? I'm having a hard time figuring out what I'm doing wrong.
I always have this error when I follow this tutorial:
OAuth2::Error: invalid_grant: The provided authorization grant is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client.
when I'm in the phase of parsing the token. What is the problem and how can I fix this?
Since oauth2 1.1.0 with CSRF protection this code doesn't work. Could somebody point me in the right direction on how to apply the state param in this provider and client example? Thanks.
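A worked example of the state parameter the question above is about, added here and not taken from the episode or from the oauth2 gem; it is plain Ruby with a Hash standing in for the Rails session, and the module name, endpoint and client values are assumptions for illustration. The client binds a random state to the session before redirecting to the provider and only accepts the authorization code when the state echoed back matches, which is what blocks a CSRF login via a forged callback URL.

```ruby
require "securerandom"
require "uri"

# Hypothetical helper for an OAuth 2 client app (not the oauth2 gem's API).
module OAuthState
  STATE_KEY = "oauth_state"

  # Step 1 (client app, before redirecting the browser to the provider):
  # mint an unguessable state, store it server-side in the session, and send
  # it along with the authorization request. Doorkeeper's default authorize
  # endpoint is /oauth/authorize (assumed here for the provider app).
  def self.authorize_url(session, authorize_endpoint, client_id, redirect_uri)
    state = SecureRandom.hex(16)
    session[STATE_KEY] = state
    query = URI.encode_www_form(
      response_type: "code",
      client_id: client_id,
      redirect_uri: redirect_uri,
      state: state
    )
    "#{authorize_endpoint}?#{query}"
  end

  # Step 2 (client app's callback action): the provider echoes state back.
  # Return the authorization code only if the echoed state matches the one
  # bound to this session; the stored value is consumed either way so the
  # same state cannot be replayed. Returns nil when the check fails.
  def self.verify_callback(session, params)
    expected = session.delete(STATE_KEY)
    received = params["state"]
    return nil unless expected && received && secure_compare(expected, received)
    params["code"]
  end

  # Constant-time comparison so a timing side channel does not leak the state.
  def self.secure_compare(a, b)
    return false unless a.bytesize == b.bytesize
    diff = 0
    a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
    diff.zero?
  end
end
```

With the oauth2 gem the same state value is passed to `auth_code.authorize_url` and checked in the callback before calling `get_token`.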
Why do I keep getting the error
An error has occurred
Client authentication failed due to unknown client, no client authentication included, or unsupported authentication method.
when trying to sign in through the client app?
I tried running the source code and I get the same errors... any ideas?!
Any advice about using Doorkeeper with Active Model Serializers as shown in episode #409?