phurni / authlogic_api Goto Github PK
View Code? Open in Web Editor NEWAuthlogic plugin to allow API requests to be authenticated automatically by using an api_key/signature mechanism
License: MIT License
Authlogic plugin to allow API requests to be authenticated automatically by using an api_key/signature mechanism
License: MIT License
In Rails 3, authlogic_api throws SystemStackError (stack level too deep) when saving acts_as_authentic models. This error occurs both for User models which use only core authlogic (rather than authlogic_api) as well as for Client models which require authlogic_api. Removing authlogic_api but keeping authlogic resolves this error for User models.
Hello phurni,
I was trying to use the authlogic_api plugin and have created the model and session but I don't know how to validate the created session (I am newby to RoR).
Do I have to create a new session when an action on a controller is called? and if so, how can I do to make it validate using the validate_by_api and not validate_by_password
If you can send me an example of implementation it would be very very helpful to me
I am really in an impass here and seek for your help as soon as possible
Thanks in advance
Hey, MD5 hashing is considered insecure, and therefore this library is also insecure. You should switch to a stronger hashing scheme.
Thanks for making/posting this!
Is there somewhere I can read up on this approach to authenticating API's? I saw Facebook uses something similar with their apps) but I don't feel like I quite understand it yet. Specifically...
If I understand the server side right...
The app_key never goes across the wire, so when it gets to the server, the server recomputes the signature using it's own app_key and makes sure it matches.
Ok I get this....but
Regarding #2, I'm assuming this is why Facebook passes the microtime (num milliseconds) as an additional param? So maybe that is an additional precaution not used here.
Finally...is this a good way to authenticate BOTH a user and an app? I guess this is what I'm really trying to do. Haven't quite wrapped my head around it though.
Thanks again!
Brian
Hi
From what I could understand, this plugin intends to use authlogic's authentication process but while using api_key/api_secret instead of login/password (correct me if I'm wrong).
But what is exactly the purpose of this line?
api_key_param 'app_key'
I keep getting a "undefined method `api_key_param'" error if I use it.
Without it the authentication is still not working.
My question is how make requests?
I understand that I have to put app_key in the query string, like:
http://localhost:3000/posts?app_key=key
But my secret will be exposed too? In an ajax request, for example, the secret will be exposed on javascript code on a block to hash it with params and app_key?
Do you have some examples for consuming a resource?
Thanks!
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.