13

I have both a Desktop application and a mobile application. I want to use the same Rails application for both "devices". In other words, I want the mobile application to request content from the Desktop application.

I use Devise for authentication (email + password). I have implemented Doorkeeper on the Desktop app in order to generate an OAuth2 token for my mobile application.

Here are my questions:

I have before_filters set in my desktop application controllers in order to secure them.

  • I am not sure how the mobile application should share the OAuth2 token with Devise in order to be authenticated and access my protected controllers?

In fact, right now, it is Doorkeeper that should check the mobile token in my controllers with the doorkeeper_for :all code. But to do that I have to disable the Devise protection before_filter :authenticate_user!...

Should I save the OAuth token in Devise too?

Am I misunderstanding how mobile applications should authenticate with Devise and the OAuth2 protocol?

Thx

2 Answers

11

This is old, but doesn't have an answer yet.

Essentially, Devise and Doorkeeper are doing the same thing: Devise authenticates using sessions (or token auth if you have enabled that), while Doorkeeper authenticates with OAuth tokens sent in every request.

What you probably want to do is split your application into two access points: a regular desktop access using Devise and an API that uses Doorkeeper. Enable Devise routes for only the regular desktop controllers and enable Doorkeeper routes for only the API controllers.

In your API Application Controller, you can override current_user to be something like User.find(doorkeeper_token.resource_owner_id) if doorkeeper_token. This will match the way Devise authenticates as well.

Alternatively, if your API doesn't have to use OAuth, you could use Devise's token_authenticatable config, which provides features similar to OAuth's Bearer Tokens.
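The split described in this answer, modelled as an added example in plain Ruby (not code from the answer, Devise or Doorkeeper): the API entry point resolves current_user only from a usable bearer token and never reads the browser session. User, AccessToken, USERS, TOKENS, ApiController and api_profile are hypothetical stand-ins with constructed data, so the block runs without Rails.

```ruby
# Plain-Ruby model of the API entry point; no Rails, Devise or Doorkeeper is loaded.
# All class names, constants and token strings here are hypothetical stand-ins.
User = Struct.new(:id, :email)

AccessToken = Struct.new(:resource_owner_id, :expires_at, :revoked) do
  # Usable only while neither revoked nor expired.
  def accessible?(now = Time.now)
    !revoked && now < expires_at
  end
end

# Constructed sample data.
USERS  = { 7 => User.new(7, "mobile.user@example.test") }.freeze
TOKENS = {
  "tok-valid"   => AccessToken.new(7, Time.now + 3600, false),
  "tok-expired" => AccessToken.new(7, Time.now - 60, false),
  "tok-revoked" => AccessToken.new(7, Time.now + 3600, true)
}.freeze

class ApiController
  def initialize(headers: {}, session: {})
    @headers = headers
    @session = session # browser (Devise) session; deliberately never read here
  end

  # Stand-in for the doorkeeper_token helper: the token named by the Bearer header.
  def doorkeeper_token
    return @doorkeeper_token if defined?(@doorkeeper_token)
    @doorkeeper_token = TOKENS[@headers["Authorization"].to_s[/\ABearer (\S+)\z/, 1]]
  end

  # The current_user override from the answer, with the validity check explicit.
  def current_user
    return nil unless doorkeeper_token&.accessible?
    @current_user ||= USERS[doorkeeper_token.resource_owner_id]
  end

  # A protected action: 401 unless a usable token resolves to a user.
  def profile
    user = current_user
    return [401, { error: "invalid_token" }] unless user
    [200, { id: user.id, email: user.email }]
  end
end

# Helper to drive one request through the model.
def api_profile(authorization: nil, session: {})
  headers = authorization ? { "Authorization" => authorization } : {}
  ApiController.new(headers: headers, session: session).profile
end
```

In the real application the expiry and revocation check is done by Doorkeeper's filter (doorkeeper_for :all on this page), so that filter has to stay on every API controller that uses the current_user override.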


1 Comment

Why shouldn't we use token-based authentication on both desktop and mobile?
0

I'm not sure if I understood your question, but Doorkeeper locks your controller completely. No access via Devise authentication is possible if you have doorkeeper_for :all in your controller.

You will need a separate controller to share your data via OAuth2, like an API controller for instance. Then you can request data e.g. via protocol://myapp:1234/ressource?access_token=thetoken.

Is that what you asked for? Else please clarify :)
