Generic Authentication about grape HOT 11 CLOSED

Should also be able to use authenticated and unauthenticated as a block to require authentication, e.g.

class MyAPI < Grape::API
  auth { something }

  authenticated do
    get '/me' do
      current_user
    end
  end
end

from grape.

+1

from grape.

Is anybody working on this now?

from grape.

+1 this is exactly what I need.

from grape.

+1 this would be very helpful.

from grape.

+1

from grape.

+1 yes, please

from grape.

Hi, I want to implement this very old feature, here is what I want at first (as @mbleigh said):

  auth { return a user}

  resource :post, auth: true do 
    get :id,  auth: false do
    end
  end

  post :something, auth: true do
  end

and provide the current_user help method (later this can be configed).

Because the auth method name was already taken, so I should find another name for it.
Just like devise, which provide authenticate & authenticate! method, still thinking how to implements this on the options way. maybe make the auth accept true, false and :optional.

I want to implement the block authenticate way later because if using with namespace ,there will be more block.

class API < Grape::API
  authenticate do 
     resource :post do
       get :id do
       end
     end
  end
end

any suggestion?

from grape.

Maybe a clearer name could be protect do, because there's a combination of authenticate and authorize that's going to be going on most likely.

from grape.

Hi, I started working on this yesterday.
the current DSL is like this:

  protection do
    # this method should return a user or nil, 
    # the return value will set to ['api.current_user'] and access by current_user
    # it can access params and headers
  end

  post :post, protect: true do

  end

I implement this by adding a middleware , but found the params and headers methods of Endpoint are only available after building middleware . so maybe I should change Protection to a simple class, add the protection call to
Endpoint #run just like the validation ?

and about eval the protection block, I'm using Protection#instance_eval , so I can add some help methods like http_basic that can be used in the block, but this need to delegate some methods to the endpoint, like params, headers, cookies.
If using Endpoint#instance_eval, there will be lack of adding custom help methods.

from grape.

We now have pretty extensive support for custom auth middleware, see https://github.com/intridea/grape#authentication. I am going to make an executive decision by saying that any protection (aka authorization) implementation that decorates individual APIs in a way that says, for example, "this API requires admin privileges", aka role-based auth, should be delegated into a separate gem.

from grape.