How can I implement authentication in my API?

Andrew7 · June 18, 2009, 1:59am

I'm developing an API for my site, and I'm wondering how I can make it so requests require basic access authentication (like in Twitter's API for example)? I'm using restful-authentication on Rails 2.3.2. Thanks!

11175 · June 18, 2009, 3:48am

Andrew wrote:

I'm developing an API for my site, and I'm wondering how I can make it so requests require basic access authentication (like in Twitter's API for example)?

[...]

I'm no expert on this, but perhaps you want to use OAuth like Twitter has done.

Best,

Matt_Jones · June 18, 2009, 5:06pm

There's already support for basic auth in restful-authentication; it only gets used by default for (off the top of my head) JSON and XML formatted requests. The support is pretty simple - take a look at (in restful_auth) AuthenticatedSystem#access_denied, and also the core docs for ActionController::HttpAuthentication.

--Matt Jones

Andrew7 · June 19, 2009, 3:19am

Thanks Matt, that's exactly what I was looking for.

Wouter1 · July 16, 2009, 3:18pm

Can you post your code how you fixed it please! I am using also restful authentication and want to provide basic authenticaton for xml!

Thank you

Wouter

Andrew7 · July 16, 2009, 6:36pm

def authenticate @current_user = authenticate_or_request_with_http_basic { |u, p| User.authenticate(u, p) } end

Use as a before filter.

Wouter1 · July 17, 2009, 9:20pm

But with this code i have to authenticate every time when i try to access the website..

I have this code for authenticate:

def authenticate case request.format when Mime::XML, Mime::ATOM if self.user = authenticate_or_request_with_http_basic { |u, p> User.authenticate(u, p) } @current_user = user else request_http_basic_authentication end else user = User.find_by_remember_token(cookies[:auth_token]) end end

But when i try to access an xml resource i get the authentication dialog and i get a page with error (ouldn't find Profile without an ID) and when i refresh i get the right xml page.. How can i fix this.. My authentication doesnt work because of this on android!

Thank you

Wouter1 · July 22, 2009, 9:09am

But with this code i have to authenticate every time when i try to access the website..

I have this code for authenticate:

def authenticate case request.format when Mime::XML, Mime::ATOM if self.user = authenticate_or_request_with_http_basic { |u, p> User.authenticate(u, p) } @current_user = user else request_http_basic_authentication end else user = User.find_by_remember_token(cookies[:auth_token]) end end

But when i try to access an xml resource i get the authentication dialog and i get a page with error (ouldn't find Profile without an ID) and when i refresh i get the right xml page.. How can i fix this.. My authentication doesnt work because of this on android!

Thank you