How to authenticate a User with a corporate OAuth2 API

I have a corporate OAuth 2.0 API that every application should use to authenticate its users. This API requires a request to have the following parameters:

  • response_type : must be set to "token"
  • client_id : client identifier for the application
  • redirect_uri : URI for the callback
  • state : a random value used by the client to maintain state between the request and callback

Example:

*HTTP GET*
*https://corporate.auth.com/authorize?response_type=token&client_id=mySinglePageApp&state=myAppRandomState&redirect_uri=http%3A%2F%2Fmyapp%2Fcallback*

If the user is not authenticated, the standard corporate login page is displayed to enter user name and password.

If the user is authenticated after submitting his user name and password, he is redirected to the client callback URL with an API-generated token:

*HTTP 302 Redirect*
*Location https://myapp/callback#access_token=2YotnFZFEjr1zCsicMWpAA&type=Bearer&expire_in=3600&state=myAppRandomState*

What is the way to go to connect a Rails app to this API? Should I use the Devise gem for that? Any other solutions?

Thank you!
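Whatever gem ends up doing the plumbing, a Rails integration with this API has two pieces that deserve care: building the authorize request with a fresh `state`, and checking that `state` when the fragment token comes back. The following is an added example, not code from the thread or from any gem; it uses the question's sample host, client_id and redirect_uri, and assumes the callback page forwards the URL fragment to the server with a small script, since the browser does not send `#access_token=...` in the redirect request itself.

```ruby
require "uri"
require "securerandom"

# Added example (not from the thread) for the implicit-grant flow in the
# question: response_type=token and the token returned in the URL fragment.
module CorporateImplicitAuth
  AUTHORIZE_ENDPOINT = "https://corporate.auth.com/authorize" # from the question

  # Unguessable state; store it server-side (e.g. Rails session) before
  # redirecting so the callback can be tied back to this browser session.
  def self.new_state
    SecureRandom.urlsafe_base64(32)
  end

  # Builds the authorization URL with the four parameters the API requires.
  def self.authorize_url(client_id:, redirect_uri:, state:)
    params = { "response_type" => "token", "client_id" => client_id,
               "redirect_uri" => redirect_uri, "state" => state }
    "#{AUTHORIZE_ENDPOINT}?#{URI.encode_www_form(params)}"
  end

  # Parses the "#access_token=..." fragment from the callback. The browser
  # never sends a fragment to the server, so the callback page must forward
  # it (assumed here: a small script POSTs the raw fragment). A callback
  # whose state does not match the stored one is rejected outright.
  def self.parse_callback(fragment, expected_state:)
    fields = URI.decode_www_form(fragment.delete_prefix("#")).to_h
    unless expected_state && fields["state"] &&
           secure_equal?(fields["state"], expected_state)
      raise ArgumentError, "state mismatch: callback not tied to this session"
    end
    token = fields["access_token"].to_s
    raise ArgumentError, "missing access_token" if token.empty?
    { access_token: token,
      token_type: fields["type"],
      expires_in: Integer(fields.fetch("expire_in", "0")) }
  end

  # Constant-time comparison so the state check leaks nothing via timing.
  def self.secure_equal?(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).inject(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end
```

In a Rails controller the `state` from `new_state` would go into `session` before `redirect_to authorize_url(...)`, and `parse_callback` would be called with `session.delete(:oauth_state)` so each state is usable once.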

Have you looked at OmniAuth yet? That's how I would try to connect to an OAuth provider. There is a Devise strategy for OmniAuth. All the documentation you will find will show you how to connect via Facebook or Twitter or whatnot, but it's the same drill no matter which provider you choose.

Walter

Thanks a lot, Walter. Did you mean the OmniAuth gem?

Precisely. There are MANY RailsCasts about it, long out of date, but still relevant enough to give you the basic idea of how it works.

http://railscasts.com/episodes?utf8=✓&search=omniauth

Walter

Yes, I saw it. As you noticed, most of them are outdated. Thank you!

Well worth watching anyway, they give you the gist of how to integrate, even if you need to translate up to modern idiom in places. It's like learning on hand tools, and then graduating to the machine shop!

Walter