Can anyone give an example or link to tutorial how can be implemented manual signin for users and get session_id.
I am porting an application from Rails 2 to Rails 3, that used before RestAuthentication. The new app uses devise, and I already managed to fix the sign-in/sign-out for admins. The application has one more model (users) that need to be authenticated.
I need to get session_id in order to pass it in the response, because the client is not browser, but mobile device.
Any links, ideas and examples are welcome. Thanks in advance!
I used token id instead of session id. The token is re-generated each time when the session is expired or user log-outs.
Related
I am using auth0 to register users on my application, and hope to also use their api auth.
However, I have some endpoints like POST /api/v1/events which requires a authenticated user.
In the application side, each event has a createdByUserID which is the user id of the requestor. I would like to get the userID from each request that comes in.
How can I accomplish this? I'm trying to follow their docs but I am having a pretty hard time.
You can use a rule in Auth0 to call your application when a user is registered. See this forum post. You can access details about the newly registered user in your rule, to extract data to pass to your application - see the Auth0 doc.
I'm trying to make a check for a specific user logging into Instagram and approving an app I've created. Is this possible?
Example flow :
User comes to my app
User clicks login/authenticate via Instagram
User logs in (or check is made if user is logged in via Instagram)
User is redirected to my app's callback URI.
When the user gets back to my app I would like to be able to check which user has authenticated - is this possible? At present I'm only able to get an access token.
Thanks for any help.
I've actually solved this by using the server-side flow mentioned in the API documentation (http://instagram.com/developer/authentication/) which gives me back a response including the details of the user logged in if following the extra step (code->access_code application, etc).
I also figured out what you mention above too, so both ways are good.
Thanks for you help.
The information is not directly returned to you in the OAuth process, but once you have the access token you can load user information using the https://api.instagram.com/v1/users/self/?access_token=XXXX endpoint. That will give you data about the currently logged in user (including ID and username)
So I am updating an older desktop app (written in VB, .net 4.0) with facebook integration and followed the guide found here, and have been able to successfully get a token (by parsing the uri of the embedded webview if it contains "token="). Now my problem is if I try to login with a facebook account that has already approved the app in a prior session, the webview just gets redirected to https://www.facebook.com/connect/login_success.html without any token information.
Do I HAVE to log all of the tokens I generate manually (ie on successful token generation, I can call their profile info, use their FB ID as key and save the token)? Even if I do, since the email and password is input directly into the facebook login window, how do I check if the user already has a token?
Thanks in advance
The access token can change any time, you need to get it everytime. After getting the token, I immediately get the user information https://graph.facebook.com/me?access_token=??? and use that ID to find their database information.
I couldn't quickly find facebook information but on google's oauth information it says "The access token is also associated with a limited scope that define the kind of data the your client application has access to (for example "Manage your tasks"). An important goal for OAuth 2.0 is to provide secure and convenient access to the protected data, while minimizing the potential impact if an access token is stolen."
https://code.google.com/p/google-api-php-client/wiki/OAuth2
Ok so I finally figured it out myself. My mistake was apparently requesting the access_token directly (ie https://www.facebook.com/dialog/oauth?response_type=token...) to try and save time.
I fixed it by making a request for a 'code' instead (ie https://www.facebook.com/dialog/oauth?response_type=code), which I then use to make a second request to retrieve an access token as documented here: https://developers.facebook.com/docs/facebook-login/login-flow-for-web-no-jssdk/, "Exchanging code for an access token" section a bit lower on the page.
Hope this helps someone in the future, this was very frustrating on my part.
Regards,
Prince
I am planning to develop something small in windows 8 using HTML/JavaScript project type. I have very basic question. How will i manage the session that who is logged in and what they are doing? This looks kind of absurd question so i will try to give some details of what i have in mind.
User opens the app and gets login page.
User enters username/password.
App calls WCF service or WebAPI and validates the user.
After the third step, user information has to be kept somewhere because i have to know every time who is the logged-in user so that i can check on every operation that what rights the user has and is he authorized to execute particular operation or not.
Since everything here is HTML/JS, i dont know where should i keep the user login information?
Can someone please throw some light as what am i missing here?
Use PasswordVault API to store the password or other secret
http://msdn.microsoft.com/en-us/library/windows/apps/windows.security.credentials.passwordvault.aspx
Then you can send your auth token with the subsequent request.
Is this what you are asking? Or, I misunderstood it?
I want to use devise's tokens to support logging in/out in multiple clients at once. The problem is that today there's only one authentication token per user.
With today's devise i can:
1. Use the same token for all clients.
2. Reset the token on every login (and lose the login on other devices).
What i want i a the ability to create multiple tokens (one for each client). Does devise has that option? Is there any other plugin?
Thanks,
I solved it and wrote my solution in my blog: http://www.refaelos.com/post/20664288136/multiple-token-authentication-with-devise-redis?2c914400