All geek questions in one place

User Authentication Using API

so I have a little complicated combination here.

Company has many Users User belongs to Company

User is managed for authentication using

 class User < ActiveRecord::Base belongs_to :company devise :database_authenticatable, :registerable, :recoverable, :rememberable, :trackable, :validatable

You can log in as a user and create objects that belong to the Company and not to the user, for example: Text . ( company.texts )

I have now created a simple API using the acts_as_api . for this I just have to change my text controller, i.e. show action.

 class TextsController < ApplicationController load_and_authorize_resource def show #@text = Text.find(params[:id]) respond_to do |format| format.html format.json { render_for_api :texts_all, :json => @text } end

this works very well on a website. the problem is the API. I do not want to authenticate when accessing the api through the user model. the company has an attribute called :hash , which I want to use for Auth in the API.

I do not know how to achieve this using devise (or any other method). therefore, by default, the developer wants the user to log in due to load_and_authorize_resource in my controller, which is great for an html response, but not for a json response.

any ideas?

thanks for this. please leave a comment if something is unclear!

0
source share
2 answers

Just use Token Authenticatable and send a token with every request in your API.

Here is a tutorial for him.

0
source

Conditionally apply auth filters based on accepted format headers:

 # override in controllers related ot API def authenticate_user! respond_to do |format| format.html { super } # just like before format.json { enforce_api_auth } end end

Now API calls force their own auth.

0
source

Source: https://habr.com/ru/post/1264551/

More articles:


All Articles