Autenticación entre aplicaciones usando OAuth

I have two rails application running at different ports. First at 3000 and the second at 4000. Both of them use Devise gem for auth. First application plays the role of OAuth provider and the second on OAuth consumer. I've followed este y y eso tutorials to build my environment.

Almost all works fine. I've successfully generated key and secret for consumer application. And successfully authorize at provider application.

There are two methods at my client application:

    def auth
      @consumer = OAuth::Consumer.new 'KEY', 'SECRET', :site => "http://localhost:3000"
      @request_token = @consumer.get_request_token
      session[:request_token] = @request_token
      redirect_to @request_token.authorize_url
    end

    def auth_callback
      @request_token ||= session[:request_token]
      @access_token = @request_token.get_access_token :oauth_verifier => params[:oauth_verifier]
      @request = @access_token.get '/user_info.json'
      render :text => @request.body.inspect
   end

And API method at provider application:

    class UsersController < InheritedResources::Base
      before_filter :login_or_oauth_required
      load_and_authorize_resource

      def info
        logger.info current_user.present? # => false
        @info = {   } # here I've collect user info for current_user
        respond_to do |format|
          format.json { render :json => @info }
        end
      end
    end

Shit happens when I try getting user info at line: @request = @access_token.get '/user_info.json' When I call it in consumer application user already unauthorized at provider application.

How I can stay authorized at provider's resource?

upd: I've got current_user.present? # => false in case I pass authorization for info acciónbefore_filter :login_or_oauth_required, :except => [:info]) otherwise I've got redirected to login page.

preguntado el 02 de febrero de 12 a las 11:02

2 Respuestas

You don't stay authorized in the provider.

On every request to your API, you'll receive the access token (either in parameters or header), and from this token you'll be able to determine who is the current_user. There is no session among requests.

Esta joya may help if you need an OAuth provider.

Respondido 02 Feb 12, 18:02

I have updated question text. Este artículo contains few words about ho to test OAuth provider: "Pick a controller action that currently requires login @response=@access_token.get '/accounts'". But I've got redirected before my '/user_info.json' action. - ck3g

La load_and_authorize_resource will deny access to info action. just add :except atributo

    load_and_authorize_resource :except => [:info]

Respondido 02 Feb 12, 19:02

No es la respuesta que estás buscando? Examinar otras preguntas etiquetadas or haz tu propia pregunta.