mainmatter/rails_api_auth mainmatter/rails_api_auth

  • This repository has been archived on 17/Apr/2020
  • Stars
    star
    139
  • Rank 261,424 (Top 6 %)
  • Language
    Ruby
  • License
    MIT License
  • Created about 9 years ago
  • Updated almost 6 years ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
mainmatter/rails_api_auth
github

mainmatter

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Lightweight Rails Engine that implements the "Resource Owner Password Credentials Grant" OAuth 2.0 flow as well as Facebook authentication

RailsApiAuth

Build Status

Rails API Auth is a lightweight Rails Engine that implements the "Resource Owner Password Credentials Grant" OAuth 2.0 flow (RFC 6749) as well as Facebook and Google authentication for API projects.

It uses Bearer tokens (RFC 6750) to authorize requests coming in from clients.

Installation

To install the engine simply add to the application's Gemfile

gem 'rails_api_auth'

and run:

bundle install

Rails API Auth also adds a migration to the application so run

rake db:migrate

as well to migrate the database.

Usage

Rails API Auth stores a user's credentials as well as the tokens in a Login model so that this data remains separated from the application's User model (or Account or whatever the application chose to store profile data in).

After installing the engine you can add the relation from your user model to the Login model:

class User < ActiveRecord::Base

  has_one :login # this could be has_many as well of course

end

When creating a new User in the host application, make sure to create a related Login as well, e.g.:

class UsersController < ApplicationController

  def create
    user = User.new(user_params)
    if user.save && user.create_login(login_params)
      head 200
    else
      head 422 # you'd actually want to return validation errors here
    end
  end

  private

    def user_params
      params.require(:user).permit(:first_name, :last_name)
    end

    def login_params
      params.require(:user).permit(:identification, :password, :password_confirmation)
    end

end

The engine adds 2 routes to the application that implement the endpoints for acquiring and revoking Bearer tokens:

token  POST /token(.:format)  oauth2#create
revoke POST /revoke(.:format) oauth2#destroy

These endpoints are fully implemented in the engine and will issue or revoke Bearer tokens.

In order to authorize incoming requests the engine provides the authenticate! helper that can be used in controllers to make sure the request includes a valid Bearer token in the Authorization header (e.g. Authorization: Bearer d5086ac8457b9db02a13):

class AuthenticatedController < ApplicationController

  include RailsApiAuth::Authentication

  before_action :authenticate!

  def index
    render json: { success: true }
  end

end

If no valid Bearer token is provided the client will see a 401 response.

The engine also provides the current_login helper method that will return the Login model authorized with the sent Bearer token.

You can also invoke authenticate! with a block to perform additional checks on the current login, e.g. making sure the login's associated account has a certain role:

class AuthenticatedController < ApplicationController

  include RailsApiAuth::Authentication

  before_action :authenticate_admin!

  def index
    render json: { success: true }
  end

  private

    def authenticate_admin!
      authenticate! do
        current_login.account.admin?
      end
    end

end

See the demo project for further details.

Configuration

The Engine can be configured by simply setting some attributes on its main module:

RailsApiAuth.tap do |raa|
  raa.user_model_relation = :account # this will set up the belongs_to relation from the Login model to the Account model automatically (of course if your application uses a User model this would be :user)

  # Facebook configurations
  raa.facebook_app_id       = '<your Facebook app id>'
  raa.facebook_app_secret   = '<your Facebook app secret>'
  raa.facebook_redirect_uri = '<your Facebook app redirect uri>'

  # Google configurations
  raa.google_client_id     = '<your Google client id>'
  raa.google_client_secret = '<your Google client secret>'
  raa.google_redirect_uri  = '<your app redirect uri>'

  # Edx configurations
  raa.edx_client_id     = '<your Edx client id>'
  raa.edx_client_secret = '<your Edx client secret>'
  raa.edx_domain        = '<your Edx app domain>'
  raa.edx_redirect_uri  = 'your Edx app redirect uri'

  # Force SSL for Oauth2Controller; defaults to `false` for the development environment, otherwise `true`
  raa.force_ssl = false
end

A note on Edx Oauth2 code flows

It is nesescary to include the Edx username in the request when making a call rails_api_auth call /token. When rails_api_auth interfaces with Edx's user api, the username is need to retrieve user data, not just a valid oauth2 token.

E.g.

headers = {
  username: "alice",
  auth_code: "alices_authorization_code",
  grant_type: "edx_auth_code"
}

Contribution

See CONTRIBUTING.

License

Rails API Auth is developed by and © simplabs GmbH and contributors. It is released under the MIT License.

More Repositories

1

100-exercises-to-learn-rust

A self-paced course to learn Rust, one exercise at a time.
Rust
3,527
star
2

ember-simple-auth

A library for implementing authentication/authorization in Ember.js applications.
JavaScript
1,926
star
3

ember-test-selectors

Enabling better element selectors in Ember.js tests
JavaScript
262
star
4

rust-telemetry-workshop

Build a comprehensive toolkit to detect, troubleshoot and resolve issues with Rust applications.
Rust
224
star
5

qunit-dom

High Level DOM Assertions for QUnit
TypeScript
178
star
6

excellent

Source Code analysis gem for Ruby and Rails
Ruby
156
star
7

highlight

Syntax Higlighting plugin for Ruby on Rails
Ruby
131
star
8

cargo-autoinherit

(Auto)DRY for your Rust dependencies
Rust
124
star
9

ember-cookies

Cookies abstraction for Ember.js that works both in the browser as well as with Fastboot on the server
JavaScript
115
star
10

rust-advanced-testing-workshop

A course to move beyond the built-in Rust testing toolkit.
Rust
95
star
11

ast-workshop

"Abstract Syntax Forestry" workshop for EmberConf 2020
JavaScript
86
star
12

breethe-client

Air Quality Data for Locations around the World
JavaScript
75
star
13

ember-cli-simple-auth

Ember CLI Adon for the Ember Simple Auth library
JavaScript
54
star
14

ember-intl-analyzer

Find missing or unused translations in your Ember.js projects
JavaScript
48
star
15

ember-hbs-minifier

Stripping whitespace out of your Handlebars templates
JavaScript
48
star
16

ember-validated-form-buffer

A validated form buffer that wraps Ember Data models for use in forms.
JavaScript
47
star
17

continue-on-error-comment

GitHub action to add comment when a continue-on-error job fails
JavaScript
41
star
18

breethe-server

Air Quality Data for Locations around the World
Elixir
40
star
19

rust-python-interoperability

A self-paced course to write Python extensions in Rust, one exercise at a time.
Rust
32
star
20

ember-promise-modals

The easy solution for rendering and handling modals in Ember.js apps. Promised.
JavaScript
31
star
21

ember-simple-auth-example

Example project showing how to use Ember Simple Auth with Ember CLI
JavaScript
30
star
22

svelte-promise-modals

Modals in Svelte made easy. Promised.🤞
Svelte
26
star
23

qunit-console-grouper

QUnit plugin that groups console messages by test
JavaScript
22
star
24

ember-cli-simple-auth-devise

Ember CLI Addon for the Ember Simple Auth Devise package
JavaScript
22
star
25

ember-asset-size-action

Comment with the diff for the asset sizes on Pull Request
JavaScript
22
star
26

ember-cli-simple-auth-oauth2

Ember CLI Addon for the Ember Simple Auth OAuth 2.0 package
JavaScript
20
star
27

ember-cli-deploy-webhooks

Ember CLI Deploy plugin for calling webhooks during deployments
JavaScript
19
star
28

rust-workshop-runner

A CLI tool to drive test-driven Rust workshops
Rust
17
star
29

ember-classy-computed

An Ember addon for Class based Computed Properties
JavaScript
16
star
30

mainmatter.com

The source code for https://mainmatter.com
Nunjucks
16
star
31

qunit-dom-codemod

Basic codemod to automatically convert your assertions to qunit-dom assertions
JavaScript
14
star
32

eslint-plugin-ember-concurrency

ESLint plugin for ember-concurrency users
JavaScript
13
star
33

playbook

A book describing the patterns and practices that Mainmatter uses to build lasting products, systematically.
HTML
13
star
34

ember-workshop

The example apps for simplabs' Ember.js Workshop
12
star
35

ember-cli-pixijs

An Ember CLI Addon that wraps pixi.js
JavaScript
12
star
36

emblem-migrator

Migrate Emblem.js to pretty Handlebars files
JavaScript
9
star
37

ember-cli-simple-auth-testing

Ember CLI Addon for the Ember Simple Auth Testing package
JavaScript
9
star
38

ember-cli-simple-auth-cookie-store

Ember CLI Addon for the Ember Simple Auth Cookie Store package
JavaScript
8
star
39

testem-gitlab-reporter

GitLab/JUnit reporter for testem
JavaScript
8
star
40

rails_api_auth-demo

Demo project using the rails_api_auth engine
Ruby
7
star
41

ember-auto-computed

JavaScript
7
star
42

ember-cli-simple-auth-torii

Ember CLI Addon for the Ember Simple Auth Torii package
JavaScript
7
star
43

ember-template-lint-plugin-css-modules

ember-template-lint plugin for ember-css-modules
JavaScript
7
star
44

ember-api-actions

Ember.js addon allowing you to easily implement non-CRUD actions for your Ember Data models
JavaScript
6
star
45

ember-error-route

JavaScript
6
star
46

mainmatter-website-mailer

Mailer for the contact form on mainmatter.com – Cloudflare worker written in Rust
Rust
5
star
47

ember-hotspots

Create interactive prototypes from scratch and design mockups using little code but the full power of the Ember.js ecosystem.
JavaScript
5
star
48

ember-scroll

A sensible default implementation of scrolling for Ember apps, aiming to mimic static site behaviour.
JavaScript
4
star
49

asset-size-reporter

Generic asset size comparison and reporting tool
JavaScript
4
star
50

mocha-diff

Mocha's diff algorithm extracted for anyone to use 🎉
JavaScript
4
star
51

ember-simple-auth-component

Bower repository for Ember Simple Auth
JavaScript
4
star
52

svelte-workshop-music-player

JavaScript
4
star
53

sheepdog

Sheepdog...herd you async task!
TypeScript
3
star
54

eslint-plugin-qunit-dom

An ESLint plugin for qunit-dom that automatically fixes the most common issues.
JavaScript
2
star
55

compare-fixture

JavaScript
1
star
56

ember-cli-list-addons

JavaScript
1
star
57

git-workshop

1
star
58

eslint-config-simplabs

ESLint config for all simplabs projects
JavaScript
1
star
59

auto-reveal

JavaScript
1
star
60

auto-reveal-theme-mainmatter

CSS
1
star
61

sveltekit-super-rentals

JavaScript
1
star
62

who-ran-me

Small utillity to check if script was run with npm or yarn
JavaScript
1
star