1

I have two rails application running at different ports. First at 3000 and the second at 4000. Both of them use Devise gem for auth. First application plays the role of OAuth provider and the second on OAuth consumer. I've followed this and that tutorials to build my environment.

Almost all works fine. I've successfully generated key and secret for consumer application. And successfully authorize at provider application.

There are two methods at my client application:

    def auth
      @consumer = OAuth::Consumer.new 'KEY', 'SECRET', :site => "http://localhost:3000"
      @request_token = @consumer.get_request_token
      session[:request_token] = @request_token
      redirect_to @request_token.authorize_url
    end

    def auth_callback
      @request_token ||= session[:request_token]
      @access_token = @request_token.get_access_token :oauth_verifier => params[:oauth_verifier]
      @request = @access_token.get '/user_info.json'
      render :text => @request.body.inspect
   end

And API method at provider application:

    class UsersController < InheritedResources::Base
      before_filter :login_or_oauth_required
      load_and_authorize_resource

      def info
        logger.info current_user.present? # => false
        @info = {   } # here I've collect user info for current_user
        respond_to do |format|
          format.json { render :json => @info }
        end
      end
    end

Shit happens when I try getting user info at line: @request = @access_token.get '/user_info.json' When I call it in consumer application user already unauthorized at provider application.

How I can stay authorized at provider's resource?

upd: I've got current_user.present? # => false in case I pass authorization for info action (before_filter :login_or_oauth_required, :except => [:info]) otherwise I've got redirected to login page.

Improve this question

2 Answers 2

Reset to default
1

You don't stay authorized in the provider.

On every request to your API, you'll receive the access token (either in parameters or header), and from this token you'll be able to determine who is the current_user. There is no session among requests.

This gem may help if you need an OAuth provider.

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

I have updated question text. This article contains few words about ho to test OAuth provider: "Pick a controller action that currently requires login @response=@access_token.get '/accounts'". But I've got redirected before my '/user_info.json' action.
0

The load_and_authorize_resource will deny access to info action. just add :except attribute

    load_and_authorize_resource :except => [:info]
Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.