http authentication in devise and rails 3

梦毁少年i 2021-01-30 05:59

I have an application which uses devise on rails 3. I would like to enable http authentication so that I can authenticate to my web app from an iPhone app. How can I authenticat

2 answers
  •  谎友^ (original poster)
    2021-01-30 06:29

    From the design point of view you have got 3 options:

    1) Use basic http authentication: your iPhone app has a secret key - which is baked in your iPhone app code - that it uses to authenticate each request with the web app. Google search: "Devise basic http authentication"

    2) You can use https by having a public certificate in your iPhone app and a private certificate on your web app. This is a lot of work to configure right. It is very secure since your iPhone app and the Rails server are exchanging messages over an encrypted channel. The security is also transparent to your rails code since authentication is done at the transport level.

    3) The iPhone app connects to the web app using https, gets an authentication token that it then uses to make calls to the web app over regular http. More secure than 1 since the key can expire, quite a bit of work to implement and very scalable. (http://matteomelani.wordpress.com/2011/10/17/authentication-for-mobile-devices/)

    Most apps use solution 1.

    Hope this helps.

    EDIT: to implement http authentication (either basic or digest) I suggest you look at:

    http://api.rubyonrails.org/classes/ActionController/HttpAuthentication/Basic.html and https://github.com/plataformatec/devise/wiki/How-To:-Use-HTTP-Basic-Authentication

    The precise steps will depend on your Rails server stack.

    EDIT 2: I do not think Devise provides a way to get the auth_token. I can see you can try several solutions:

    • when the user logs in, the server retrieves the authentication_token and puts it in the cookie. Not very secure unless you encrypt it with a shared secret key.

    • you can provide an https web service that your iPhone app uses to get a user token. Your iPhone app would make the request right after receiving the user request to sign in.

    Sorry I cannot be of more help with some real code.
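
Option 3 above (an expiring token handed out over https), sketched as an added Ruby example; it is not part of the original answer and is not Devise's API. The `SECRET` value, the `user_id.expiry.signature` token layout, the numeric user id and all helper names are assumptions made for illustration.

```ruby
require "openssl"

# Assumption: a server-side secret that never ships inside the mobile app.
SECRET = "constructed-demo-secret"
TOKEN_TTL = 3600 # seconds a token stays valid

# HMAC-SHA256 over the payload, hex encoded so it contains no "." separators.
def sign(payload, secret)
  OpenSSL::HMAC.hexdigest("SHA256", secret, payload)
end

# Issued by the https sign-in endpoint after the password check succeeds.
def issue_token(user_id, now = Time.now.to_i, secret = SECRET)
  payload = "#{user_id}.#{now + TOKEN_TTL}"
  "#{payload}.#{sign(payload, secret)}"
end

# Compare two strings without stopping at the first differing byte.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Returns the user id for a valid, unexpired token, otherwise nil.
def verify_token(token, now = Time.now.to_i, secret = SECRET)
  user_id, expiry, signature = token.to_s.split(".", 3)
  return nil if [user_id, expiry, signature].any? { |part| part.nil? || part.empty? }
  return nil unless user_id.match?(/\A\d+\z/) && expiry.match?(/\A\d+\z/)
  # Check the signature before trusting the expiry field.
  return nil unless secure_equal?(signature, sign("#{user_id}.#{expiry}", secret))
  return nil if now >= expiry.to_i
  user_id
end
```

The token is a bearer credential: anyone who can read it in transit can replay it until `TOKEN_TTL` runs out, so the expiry window bounds that exposure.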
