Authentication for both web & api

11155 · November 22, 2013, 12:12am

Hello,

I need to develop an application which needs to authenticate user by verifying login name/password for both web access and api. I need the same controller to cater to both web and api. I can put the before_filter for the controller to make sure that user is logged-in and user_id is in session. But how do I design the controller that if the request comes as a rest web service request then before filter should not check session for logged user but should authenticate with login/password passed as parameters with request and then should go ahead whichever way the request came to controller.

I would really appreciate any code samples/links to sites which explain how to do that.

Thanks.

Tamara_Temple · November 22, 2013, 8:58pm

So I haven’t personally implemented such a thing, but I’ve used such things. AWS API requests do this thing where you establish a connection using the two keys (access and secret) and get a token to use for the rest of your API accesses (I’m pretty sure this times out eventually). I’m sure you could work something similar to that using the user/pw?

11155 · November 22, 2013, 9:28pm

Basically, I want to know how to implement different authentication checks for different request paths - from browser or from api.

Topic		Replies	Views
session auth and AWS auth rubyonrails-talk	3	102	January 4, 2008
Authenticating REST Webservices rubyonrails-talk	1	115	May 18, 2008
RESTful Authentication for external clients rubyonrails-talk	1	87	May 29, 2008
Restful_authentication log in from controller rubyonrails-talk	1	129	July 16, 2007
More efficient way to manage access control with restful_authentication? rubyonrails-talk	3	113	February 5, 2008

Authentication for both web & api

Related topics

More Resources