问题
I make API in rails. For normal authentication we use devise but in API how to implement devise for authentication.
gem 'devise_token_auth'
Someone prefer this this gem for authentication but there are no tutorial available for that. How to implement authenitication in rails api?
回答1:
The best thing you can do is to follow the github tutorials which are most likely to be up-to-date.
First you should follow the TLDR part.
Note that the frontend developpers need to know about the usage specification.
Finally you want to go through the documentation. Here are some samples that might help:
Routes
Rails.application.routes.draw do
# Stuff
devise_for :admin_users, ActiveAdmin::Devise.config
ActiveAdmin.routes(self)
devise_for :users
root to: "home#index"
# The API part
namespace :api, defaults: {format: :json} do
scope :v1 do
mount_devise_token_auth_for 'User', at: 'auth', skip: [:omniauth_callbacks]
resources :stuff, only: [:index, :show]
end
end
end
A controller:
module Api
class StuffsController < ApiController
before_action :authenticate_user!
...
end
end
API Controller
class ApiController < ApplicationController
include DeviseTokenAuth::Concerns::SetUserByToken
end
User model
class User < ActiveRecord::Base
# Include default devise modules.
devise :database_authenticatable, :registerable,
:recoverable, :rememberable, :trackable, :validatable
include DeviseTokenAuth::Concerns::User
end
Finally don't forget to configure the gem in the corresponding initializer.
回答2:
Here is a good tutorial on API authentication with devise_token_auth. Also, the devise_token_auth gem's github page seems to have a very good documentation which should help you get started.
If you are looking for a good tutorial to understand the related concepts, here is one that has a thorough walkthrough of creating a Rails API with token-based authentication (Not using devise_token_auth, but useful to understand the concepts).
I also recommend you to take a look at the JWT (JSON Web Token) which works very well with large scale Rails API. Here is another tutorial that explains how to build Rails API Backed With JWT
回答3:
You can add attributes "authentication_token" to you table and use this gem:
https://github.com/robertomiranda/has_secure_token
in application_controller:
def authenticate_user!
authenticate_user_from_token!
super
end
def authenticate_user_from_token!
User.find_by_authentication_token(user_token)
end
def user_token
request.headers['X-AUTH-TOKEN'].presence || params['auth_token'].presence
end
回答4:
In my current project I have implemented simple_token_authentication. It is pretty easy to implement and use as well.
Just add the following to your Gemfile and run bundle install
gem 'simple_token_authentication', '1.12.0'
Rest all of the steps are given in its documentation and pretty easy to follow too.
来源:https://stackoverflow.com/questions/33560929/token-based-authentication-for-rails-json-apis