We've built a RESTful API that's really easy to use. The question now is how do I build in authentication? My app itself uses acts_as_authenticated to manage authentication when someone is using the app. But what about when they're using the API remotely instead? I'm not sure how to handle that. Thanks for any info.

Pat

Use HTTP AUTH. Check this out for more information:
http://blogs.23.nu/c0re/stories/7409/

There's also the restful_authentication plugin:
http://svn.techno-weenie.net/projects/plugins/restful_authentication/

- Justin Williams
Owner, Second Gear
http://www.secondgearllc.com/

- Check out Porchlight: bug tracking for small teams <http://www.porchlightnow.com>

On Jan 11, 1:41 pm, "Pat Maddox" <perg...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
> We've built a RESTful API that's really easy to use. The question now
> is how do I build in authentication? My app itself uses
> acts_as_authenticated to manage authentication when someone is using
> the app. But what about when they're using the API remotely instead?
> I'm not sure how to handle that. Thanks for any info.
>
> Pat

On 1/11/07, Justin Williams <carpeaqua-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
>
> Use HTTP AUTH. Check this out for more information:
> http://blogs.23.nu/c0re/stories/7409/
>
> There's also the restful_authentication plugin:
> http://svn.techno-weenie.net/projects/plugins/restful_authentication/

I actually am using the restful_authentication plugin to handle authentication...it'd be sweet if I could just use that without making too many changes.

Basically the problem is that the authentication is stored in the session (as the first link discusses). So if my client code isn't managing a session, I can't use it.

    require 'net/http'

    Net::HTTP.start('localhost', 3000) do |http|
      # Log in; Net::HTTP does not store the session cookie from this response
      http.post "/sessions", "login=myusername&password=mypassword"
      # Sent without a Cookie header, so the app treats it as not logged in
      response = http.post "/users/7/books", "book[title]=supercool"
      puts response.body
    end

That should create a new book resource, but it just redirects to the login page. I can only assume that it's because Net::HTTP.start doesn't actually handle session stuff.

One approach that I've seen is to have an API key and pass that in as a parameter on requests. That seems like it'd probably be the easiest approach. I don't know if it's best though.

I'd like to figure out the best way to do this, ideally just using restful_authentication and all the user info I have right now. Clients are going to be whatever they want to be...I just need a way of controlling access to the resources we're exposing.

Pat

On 1/11/07, Pat Maddox <pergesu-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
> I'd like to figure out the best way to do this, ideally just using
> restful_authentication and all the user info I have right now.
> Clients are going to be whatever they want to be...I just need a way
> of controlling access to the resources we're exposing.

Actually, it looks like it'll be really easy with HTTP AUTH. http://ryandaigle.com/articles/2006/12/4/whats-new-in-edge-rails-new-http-authentication-plugin-and-a-plea-to-contribute has info on a new http auth plugin. I tried it out just now and it seems to work great.

So the only consideration here is that every single request requires that the username and password be included in the URL. Is that a bad thing? Obviously a client can wrap that up, but I'd just like to know if it's bad for some reason to have to include auth info in each request.

One possible downside is that either all auth info is unencrypted from now on, or every request has to be done through SSL.

Pat
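
An added example, not part of the original thread and not code from any plugin mentioned in it: what per-request HTTP Basic credentials look like when Net::HTTP builds them, and how a server can check them statelessly on every request. It shows why no session cookie is needed and why the header is readable without SSL. The `USERS` table, the helper names and the credentials are constructed for illustration.

```ruby
require 'net/http'
require 'digest'

# Constructed sample account. A real app would verify against the salted
# password hash in its users table, not a plaintext value.
USERS = { 'myusername' => 'mypassword' }.freeze

# Client side: the request as Net::HTTP would send it (built, never sent).
def build_request(user, password)
  req = Net::HTTP::Post.new('/users/7/books')
  req.basic_auth(user, password) # sets "Authorization: Basic <base64>"
  req.set_form_data('book[title]' => 'supercool')
  req
end

# Base64 is an encoding, not encryption: anything that can read the header
# on a plain-HTTP connection recovers the credentials exactly like this.
def credentials_from(header)
  scheme, token = header.to_s.split(' ', 2)
  return nil unless scheme&.casecmp?('Basic') && token
  decoded = token.unpack1('m').force_encoding('UTF-8')
  user, password = decoded.split(':', 2)
  return nil if user.nil? || password.nil?
  [user, password]
end

# Compare fixed-length digests without an early exit on the first mismatch.
def secure_compare(a, b)
  x = Digest::SHA256.digest(a).bytes
  y = Digest::SHA256.digest(b).bytes
  x.zip(y).reduce(0) { |diff, (m, n)| diff | (m ^ n) }.zero?
end

# Server side: a stateless check run on every request, no session involved.
def authorized?(header)
  user, password = credentials_from(header)
  return false unless user
  expected = USERS[user]
  secure_compare(password, expected.to_s) && !expected.nil?
end

if __FILE__ == $PROGRAM_NAME
  header = build_request('myusername', 'mypassword')['Authorization']
  puts "header on the wire: #{header}"
  puts "decoded by reader:  #{credentials_from(header).inspect}"
  puts "server accepts:     #{authorized?(header)}"
end
```
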