How can I implement authentication in my API?

rubyonrails-talk
1

I'm developing an API for my site, and I'm wondering how I can make it so requests require basic access authentication (like in Twitter's API for example)? I'm using restful-authentication on Rails 2.3.2. Thanks!

2

Andrew wrote:

I'm developing an API for my site, and I'm wondering how I can make it so requests require basic access authentication (like in Twitter's API for example)?

[...]

I'm no expert on this, but perhaps you want to use OAuth like Twitter has done.

Best,

3

There's already support for basic auth in restful-authentication; it only gets used by default for (off the top of my head) JSON and XML formatted requests. The support is pretty simple - take a look at (in restful_auth) AuthenticatedSystem#access_denied, and also the core docs for ActionController::HttpAuthentication.

--Matt Jones

4

Thanks Matt, that's exactly what I was looking for.

5

Can you post your code how you fixed it please! I am using also restful authentication and want to provide basic authenticaton for xml!

Thank you

Wouter

6

def authenticate    @current_user = authenticate_or_request_with_http_basic { |u, p| User.authenticate(u, p) } end

Use as a before filter.

7

But with this code i have to authenticate every time when i try to access the website..

I have this code for authenticate:

def authenticate         case request.format         when Mime::XML, Mime::ATOM           if self.user = authenticate_or_request_with_http_basic { |u, p> User.authenticate(u, p) }             @current_user = user           else             request_http_basic_authentication           end         else           user = User.find_by_remember_token(cookies[:auth_token])         end       end

But when i try to access an xml resource i get the authentication dialog and i get a page with error (ouldn't find Profile without an ID) and when i refresh i get the right xml page.. How can i fix this.. My authentication doesnt work because of this on android!

Thank you

8

But with this code i have to authenticate every time when i try to access the website..

I have this code for authenticate:

def authenticate         case request.format         when Mime::XML, Mime::ATOM           if self.user = authenticate_or_request_with_http_basic { |u, p> User.authenticate(u, p) }             @current_user = user           else             request_http_basic_authentication           end         else           user = User.find_by_remember_token(cookies[:auth_token])         end       end

But when i try to access an xml resource i get the authentication dialog and i get a page with error (ouldn't find Profile without an ID) and when i refresh i get the right xml page.. How can i fix this.. My authentication doesnt work because of this on android!

Thank you