All Projects → simplabs → Rails_api_auth

simplabs / Rails_api_auth

Licence: mit
Lightweight Rails Engine that implements the "Resource Owner Password Credentials Grant" OAuth 2.0 flow as well as Facebook authentication

Programming Languages

ruby
36898 projects - #4 most used programming language

Projects that are alternatives of or similar to Rails api auth

remix-auth
Simple Authentication for Remix
Stars: ✭ 929 (+549.65%)
Mutual labels:  oauth2, auth
yii-auth-client
Yii Framework external authentication via OAuth and OpenID Extension
Stars: ✭ 20 (-86.01%)
Mutual labels:  oauth2, auth
logto
🧑‍🚀 Logto helps you build the sign-in, auth, and user identity within minutes. We provide an OIDC-based identity service and the end-user experience with username, phone number, email, and social sign-in, with extendable multi-language support.
Stars: ✭ 3,421 (+2292.31%)
Mutual labels:  oauth2, auth
Doorkeeper Provider App
An example OAuth 2 provider application using the Doorkeeper gem, Rails and Devise
Stars: ✭ 146 (+2.1%)
Mutual labels:  rails, oauth2
Angular Auth Oidc Client
npm package for OpenID Connect, OAuth Code Flow with PKCE, Refresh tokens, Implicit Flow
Stars: ✭ 577 (+303.5%)
Mutual labels:  oauth2, auth
passport-laravel
Telegram Unofficial OAuth2 Provider for Laravel Socialite
Stars: ✭ 26 (-81.82%)
Mutual labels:  oauth2, auth
ertis-auth
Generic token generator and validator service like auth
Stars: ✭ 28 (-80.42%)
Mutual labels:  oauth2, auth
Vue Authenticate
Simple Vue.js authentication library
Stars: ✭ 1,350 (+844.06%)
Mutual labels:  oauth2, auth
Angular Token
🔑 Token based authentication service for Angular with interceptor and multi-user support. Works best with devise token auth for Rails. Example:
Stars: ✭ 376 (+162.94%)
Mutual labels:  rails, auth
httpx auth
Authentication classes to be used with httpx
Stars: ✭ 59 (-58.74%)
Mutual labels:  oauth2, auth
Yt
The reliable YouTube API Ruby client
Stars: ✭ 674 (+371.33%)
Mutual labels:  rails, oauth2
Fosite
Extensible security first OAuth 2.0 and OpenID Connect SDK for Go.
Stars: ✭ 1,738 (+1115.38%)
Mutual labels:  oauth2, auth
React Native Instagram Login
a react native instagram login component (support android & ios). Pull requests are welcome!
Stars: ✭ 139 (-2.8%)
Mutual labels:  auth
Rails emoji picker
Add emoji to your app 😺
Stars: ✭ 141 (-1.4%)
Mutual labels:  rails
Activejob Retry
Automatic retries for ActiveJob
Stars: ✭ 138 (-3.5%)
Mutual labels:  rails
Zen Rails Security Checklist
Checklist of security precautions for Ruby on Rails applications.
Stars: ✭ 1,765 (+1134.27%)
Mutual labels:  rails
Rails admin theme
rails_admin theme flat theme
Stars: ✭ 142 (-0.7%)
Mutual labels:  rails
Activeadmin Themes
Awesome themes for ActiveAdmin.
Stars: ✭ 141 (-1.4%)
Mutual labels:  rails
Actioncable Vue
A Vue plugin that makes integrating Rails Action Cable dead-easy.
Stars: ✭ 138 (-3.5%)
Mutual labels:  rails
Omniauth Vkontakte
Vkontakte OAuth2 Strategy for OmniAuth
Stars: ✭ 137 (-4.2%)
Mutual labels:  oauth2

RailsApiAuth

Build Status

Rails API Auth is a lightweight Rails Engine that implements the "Resource Owner Password Credentials Grant" OAuth 2.0 flow (RFC 6749) as well as Facebook and Google authentication for API projects.

It uses Bearer tokens (RFC 6750) to authorize requests coming in from clients.

Installation

To install the engine simply add to the application's Gemfile

gem 'rails_api_auth'

and run:

bundle install

Rails API Auth also adds a migration to the application so run

rake db:migrate

as well to migrate the database.

Usage

Rails API Auth stores a user's credentials as well as the tokens in a Login model so that this data remains separated from the application's User model (or Account or whatever the application chose to store profile data in).

After installing the engine you can add the relation from your user model to the Login model:

class User < ActiveRecord::Base

  has_one :login # this could be has_many as well of course

end

When creating a new User in the host application, make sure to create a related Login as well, e.g.:

class UsersController < ApplicationController

  def create
    user = User.new(user_params)
    if user.save && user.create_login(login_params)
      head 200
    else
      head 422 # you'd actually want to return validation errors here
    end
  end

  private

    def user_params
      params.require(:user).permit(:first_name, :last_name)
    end

    def login_params
      params.require(:user).permit(:identification, :password, :password_confirmation)
    end

end

The engine adds 2 routes to the application that implement the endpoints for acquiring and revoking Bearer tokens:

token  POST /token(.:format)  oauth2#create
revoke POST /revoke(.:format) oauth2#destroy

These endpoints are fully implemented in the engine and will issue or revoke Bearer tokens.

In order to authorize incoming requests the engine provides the authenticate! helper that can be used in controllers to make sure the request includes a valid Bearer token in the Authorization header (e.g. Authorization: Bearer d5086ac8457b9db02a13):

class AuthenticatedController < ApplicationController

  include RailsApiAuth::Authentication

  before_action :authenticate!

  def index
    render json: { success: true }
  end

end

If no valid Bearer token is provided the client will see a 401 response.

The engine also provides the current_login helper method that will return the Login model authorized with the sent Bearer token.

You can also invoke authenticate! with a block to perform additional checks on the current login, e.g. making sure the login's associated account has a certain role:

class AuthenticatedController < ApplicationController

  include RailsApiAuth::Authentication

  before_action :authenticate_admin!

  def index
    render json: { success: true }
  end

  private

    def authenticate_admin!
      authenticate! do
        current_login.account.admin?
      end
    end

end

See the demo project for further details.

Configuration

The Engine can be configured by simply setting some attributes on its main module:

RailsApiAuth.tap do |raa|
  raa.user_model_relation = :account # this will set up the belongs_to relation from the Login model to the Account model automatically (of course if your application uses a User model this would be :user)

  # Facebook configurations
  raa.facebook_app_id       = '<your Facebook app id>'
  raa.facebook_app_secret   = '<your Facebook app secret>'
  raa.facebook_redirect_uri = '<your Facebook app redirect uri>'

  # Google configurations
  raa.google_client_id     = '<your Google client id>'
  raa.google_client_secret = '<your Google client secret>'
  raa.google_redirect_uri  = '<your app redirect uri>'

  # Edx configurations
  raa.edx_client_id     = '<your Edx client id>'
  raa.edx_client_secret = '<your Edx client secret>'
  raa.edx_domain        = '<your Edx app domain>'
  raa.edx_redirect_uri  = 'your Edx app redirect uri'

  # Force SSL for Oauth2Controller; defaults to `false` for the development environment, otherwise `true`
  raa.force_ssl = false
end

A note on Edx Oauth2 code flows

It is nesescary to include the Edx username in the request when making a call rails_api_auth call /token. When rails_api_auth interfaces with Edx's user api, the username is need to retrieve user data, not just a valid oauth2 token.

E.g.

headers = {
  username: "alice",
  auth_code: "alices_authorization_code",
  grant_type: "edx_auth_code"
}

Contribution

See CONTRIBUTING.

License

Rails API Auth is developed by and © simplabs GmbH and contributors. It is released under the MIT License.

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].