Last Updated: February 25, 2016
·
7.745K
· michiels

How to simply roll your own OAuth2 provider with direct user/pass access

#ruby
#rails
#api
#oauth

For one of our clients, we are building an interface application and an API layer. All authentication and stuff is going to happen in the API and our interface will use OAuth to authenticate with the API.

Initially, we won't want any interface code in the API application so I was looking for a solution where we could directly pass the username and password from a login form in the interface to our API OAuth Provider.

Since we are writing both apps we don't have a need to have the user accept it's app access. Here's the code in the controller:

app/controllers/authorize_controller.rb

class AuthorizeController < ApplicationController
 skip_before_filter :verify_authenticity_token

 def sign_in

 u = User.find_by_username(params[:username])

 Songkick::OAuth2::Provider.handle_passwords do |client, username, password, scopes|
 user = User.find_by_username!(username)
 if user.authenticate?(password)
 user.grant_access!(client)
 else
 nil
 end
 end

 oauth = Songkick::OAuth2::Provider.parse(nil, env)
 response.headers = oauth.response_headers

 if body = oauth.response_body
 render :text => body, :status => oauth.response_status
 end
 end
end

Here are the routes:

config/routes.rb

OauthProvider::Application.routes.draw do
 post "/oauth/token" => "authorize#sign_in"
end

I am using the <a href="songkick-oauth2-provider">https://github.com/songkick/oauth2-provider</a>. If you want to know how to set up your models, please read their README.

I built a little Rake task to test a connection by trying to grab an access token from the provider.

lib/tasks/oauth_test.rake

require 'oauth2'

namespace :oauth do

 desc "Test our oauth connection" 
 task :test => :environment do

 client = OAuth2::Client.new(
 "h171cbibzlqfzkdojeqpwbjzt235xw5", 
 "4vs772iob20vtvtaxgy6ndnpauv2sj", 
 :site => "http://oauthprovider.dev")

 token = client.password.get_token("michiel", "password")
 puts token.inspect

 end

end

All works fine!

If you have questions about the details. Please hook me up at <a href="@michiels" rel="nofollow">http://twitter.com/michiels">@michiels</a> or <a href="mailto:michiel@firmhouse.com">michiel@firmhouse.com</a>!

#ruby
#rails
#api
#oauth

Written by Michiel Sikkes

Say Thanks
Respond

Related protips

HTTP Posts in Ruby

166.6K
9

Centered Text And Images In Github Markdown

142.8K
1

Take a photo of yourself every time you commit

112K
29

Have a fresh tip? Share with Coderwall community!

Post
Post a tip
Best #Ruby Authors
projectcleverweb
291.1K
#ruby
#javascript
#css
danielwestendorf
165.1K
#ruby
#Javascript
#CoffeeScript
mcansky
141.1K
#ruby
#JavaScript
#Shell
knoopx
113.4K
#ruby
#JavaScript
#CoffeeScript
stevennunez
100.9K
#ruby
#JavaScript
#CoffeeScript
Related Tags
#ruby
#rails
#api
#oauth
Sponsored by
#native_company#
#native_desc#
#native_cta#
Filed Under
Ruby Development Tips
Ruby on Rails Development Tips
Awesome Job
See All Jobs
Post a job for only $299
Thanks to our sponsor
Sponsored by #native_company# — Learn More
#native_title# #native_desc#
#native_cta#