7

Users of my Rails app can authenticate in one of these 2 manners:

  • Using their Facebook account
  • Using our own authentication

I'm using Facebook SDK on Android and devise and omniauth on Rails.

How do I authenticate against my Rails app on Android so I can then fetch the information I need from the server?

NB: I've noticed this question is getting a fair amount of views recently. Please don't follow the advice given in this thread too closely -- the web moves fast and it dates from 3 years ago!

Improve this question

4 Answers 4

Reset to default
2

This can be done using the fb_graph gem (not fbgraph!).

You can just add it to your gemfile and do 

user = FbGraph::User.me(token).fetch

where token is the oauth token you got by using, for example, the Facebook SDK on Android. user.email will be the user's email address (if you set up the necessary permissions).

You can use this URL for testing:

https://www.facebook.com/dialog/oauth?client_id=YOUR_APP_ID&redirect_uri=https://www.facebook.com/connect/login_success.html&response_type=token
Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

Just notice this answer got some attention. Keep in mind this was 2.5 yrs ago and many things may have changed since. Be careful with what you take from this!
0

That totally depends on how your authentication system works. You will need to create an API on your server to handle communication from the Android app and pass information between both using the API.

Improve this answer

3 Comments

I use devise and omniauth, that's pretty much how it works. For the Android side, I use the Facebook SDK.
The Facebook SDK will only auth with Facebook. You will need to create a Android Library that will authenticate with your Rails website. That is the only way you can get the information back from your server securely.
My server auths with facebook via Omniauth. I was wondering if I could use the Facebook SDK to log the user in and then make a GET to users/auth/facebook so the user could be authed with my server, too. (is this confusing? I'll rewrite it if I couldn't explain myself)
0

Niraj Shah is completely right, though the answer might not be detailed enough for you. For an in-depth answer to your question, have a look at Securing an API railscast by Ryan Bates that has been released only recently. It covers HTTP Basic Auth.

You might also want to have a look at the more advanced option to secure your API / provide registered users access to their data. There's a railscast about this one as well here: http://railscasts.com/episodes/353-oauth-with-doorkeeper - though it's a pro episode, so you need to sign up for it in order to watch it.

Improve this answer

3 Comments

Thanks for the links. I'm using devise, though, not HTTP's inbuilt auth.
Authenticating the API is decoupled from authenticating users! You could theoretically send the username/password (or provider + uid - or anything else you can use to uniquely identify a user) with every request to the API and authenticate against it. However, this is just bad style (and if you do it, make sure to use SSL!). Authenticating using tokens such as in OAuth is the way to go.
OK, devise supports token based auth, gonna try to switch to that. Still don't get how I should auth an user who logs in with Facebook.
0

Francisco, I have the exact same need.

The devise scenario using token_authenticatable seems straightforward and shouldn't be a problem but I'm not sure the best way to handle the Facebook scenario. On the web side, for FB auth I'm using omniauth-facebook as documented here: https://github.com/plataformatec/devise/wiki/OmniAuth:-Overview. I think this uses OAuth with FB as a provider so it's a good possibility that the latest RailsCast about doorkeeper securing an API with OAuth should do the trick. I haven't tried it yet but will do so soon unless you beat me to it. Here is the link: http://railscasts.com/episodes/353-oauth-with-doorkeeper.

Improve this answer

2 Comments

Hey. I will soon post an answer to my own question for posteriority's sake. What you have to do is use the fb_graph gem (not fbgraph!). Then you can just add it to your gemfile and do user = FbGraph::User.me(token).fetch, where token is the oauth token you got by using, for example, the Facebook SDK on Android. user.email will have the user's email address (if you set up the necessary permissions). Do not hesitate to contact me if I wasn't clear.
For testing purposes, you can use irb and GET this page: facebook.com/dialog/… If you were successful, you will be redirected to an URI with the access token on it. Then you can use that token in the manner mentioned above.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.