0

I need users to authenticate through a form, but I also need to expose this authentication as an API for use by other applications/devices.

Obviously I want to keep things simple and avoid duplication, so how should I approach this? Should I use a single URI for both user login and api login? If so how should I handle the different requirements - inform the user of success or failure with a flash/redirect and return a JSON object to the API client?

Improve this question

1 Answer 1

Reset to default
2

Use a form based login for your users (e.g. Devise)

and an OAuth based login for the API (for rails oauth2_provider)

You cannot avoid duplication here, not if you want to do things correctly. Mainly because your API is stateless and your users are stateful (the cookies!).

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

But what if I use token-based authentication? Would that mean there was a way of unifying the User login and API authentication?
oAuth is a bit more than an access_token only, you have to sign every request. The spec says that you can obtain an access_token sending your password, but it's not recommended. tools.ietf.org/html/draft-ietf-oauth-v2-22#page-14 Rails is full of gems doing all those things already, you won't have much to do, regarding duplication.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.