Sinatra + Omniauth + Android, Advice Sought
I'm developing a Sinatra app for which I'd like to use OmniAuth. So far, I have something similar to this for the web app: http://codebiff.com/omniauth-with-sinatra I'd like the we
Solution 1:
As no-one seems to have any suggestions, here's what I've come up with so far. I don't think it's very good, though.
I've added an API key to the user model, which is created when the user is first authenticated:
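require 'securerandom' # SecureRandom.hex, used when the key is created
require 'json'         # Hash#to_json, used in the /success route

class User
  include DataMapper::Resource
  property :id, Serial, :key => true
  property :uid, String
  property :name, String
  property :nickname, String
  property :created_at, DateTime
  property :api_key, String, :key => true # forms a composite key with :id
end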
....
get '/auth/:name/callback' do
  auth = request.env["omniauth.auth"]
  # Look the user up by provider uid; create the record (and its API key)
  # only on the first successful authentication.
  user = User.first_or_create({ :uid => auth["uid"] },
                              { :uid => auth["uid"],
                                :nickname => auth["info"]["nickname"],
                                :name => auth["info"]["name"],
                                :api_key => SecureRandom.hex(20),
                                :created_at => Time.now })
  session[:user_id] = user.id
  session[:api_key] = user.api_key
  flash[:info] = "Welcome, #{user.name}"
  redirect "/success/#{user.id}/#{user.api_key}"
end
If the authorisation works then the api_key is supplied to the Android app, which will presumably store it on the device somewhere:
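get '/success/:id/:api_key', :check => :valid_key? do
  # User.get takes both parts of the composite key and returns nil when
  # no row matches, so guard against nil before reading api_key.
  user = User.get(params[:id], params[:api_key])
  if user && user.api_key == params[:api_key]
    {'api_key' => user.api_key}.to_json
  else
    error 401
  end
end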
All API calls are protected as in the link in my original post:
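register do
  # Route condition: reject the request with 401 unless the named helper
  # returns true.
  def check(name)
    condition do
      error 401 unless send(name) == true
    end
  end
end

helpers do
  # True when some user record carries the api_key sent with the request.
  def valid_key?
    user = User.first(:api_key => params[:api_key])
    if !user.nil?
      return true
    end
    return false
  end
end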
For public use I'll only allow SSL connections to the server. Any suggestions for improvement would be welcome.
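As an added example (not part of the original post or the poster's code), here is one way to tighten the API-key handling described above: keep only a digest of the key server-side, compare in constant time, and read the key from a request header instead of the URL. The `ApiKeyStore` class, the `bearer_key` helper and the use of an `Authorization: Bearer` header are assumptions made for illustration; the in-memory hash is a constructed stand-in for the User table.

```ruby
require 'securerandom'
require 'digest'

# Hypothetical in-memory stand-in for the User table; a real app would keep
# the digest in a model property instead of the raw key.
class ApiKeyStore
  def initialize
    @digests = {} # user_id => SHA-256 hex digest of the API key
  end

  # Generate a key, store only its digest, return the raw key once.
  def issue(user_id)
    key = SecureRandom.hex(20)
    @digests[user_id] = Digest::SHA256.hexdigest(key)
    key
  end

  # True only when the presented key hashes to the digest held for user_id.
  def valid?(user_id, presented_key)
    stored = @digests[user_id]
    return false if stored.nil? || presented_key.nil?
    secure_compare(stored, Digest::SHA256.hexdigest(presented_key))
  end

  private

  # Compare every byte so timing does not reveal the first mismatch.
  def secure_compare(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end

# Hypothetical helper: read the key from a Rack-style env hash
# ("Authorization: Bearer <40 hex chars>") rather than from params,
# so the key stays out of URLs, redirects and access logs.
def bearer_key(env)
  header = env['HTTP_AUTHORIZATION'].to_s
  match = header.match(/\ABearer ([0-9a-f]{40})\z/)
  match && match[1]
end
```
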