
I am currently building an iPhone app with a Rails backend. I am using solely Facebook's Single Sign On (SSO) on the iPhone, and authentication works pretty well on the client end. I am using Devise on Rails as the backend.

NOTE: I have already consulted "Design for Facebook authentication in an iOS app that also accesses a secured web service".

I see that Devise has something called token_authenticatable, which is essentially the "ticket" described in step 5 of that thread. This is the current flow I see:

  1. User signs on to Facebook SSO on the phone
  2. User makes a call to myserver.com/sessions/fb_sso with { access_token: X }
  3. On the server end (at SessionsController#fb_sso), I will make an API call to Facebook with the access_token
  4. If access_token is valid, check if user exists in db. If user does not exist, create a new user
  5. Now we can return { user_id: X, devise_auth_token: Y } back to the call on 1)

This is pretty straightforward. However, I have a couple of questions:

  1. With the devise_auth_token, does that mean I no longer have to call sign_in("user", resource) from devise? (found here http://jessewolgamott.com/blog/2012/01/19/the-one-with-a-json-api-login-using-devise/)
  2. Where will be the best place to put the code for 3-4?
  3. I can't seem to find much on Google about this topic. Why are there so few tutorials out there for a process so common? Am I missing something blatantly obvious?
xjq233p_1
  • Are you using the Omniauth gem for facebook connectivity? Combining devise and omniauth takes care of 3 and 4 for you! – MBHNYC Jun 17 '12 at 20:30
  • @MBHNYC: correct me if I'm wrong, but this is only for the case when the user signs in via the website. In the OP's case, the user logs in via an iPhone app. The website doesn't see the flow. – Sergio Tulentsev Jun 17 '12 at 21:07
  • Yes, but you're still passing the same information to Facebook, and the callbacks can be modified to not render any views (or whatever the iOS app requires) anyway. If you generate / override all of the devise+omniauth controllers / views, OP should have all the programmatic tools to fulfill the request. – MBHNYC Jun 18 '12 at 00:36
  • Did you solve it? Do you have an example app? – cortex Apr 17 '13 at 23:00
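
Steps 3 to 5 of the flow in the question, as an added example that is not part of the original post and is not Devise or OmniAuth code: the server checks that the client-supplied token is valid, was issued for its own app, and has not expired before it returns its own ticket. `FacebookTokenVerifier`, `APP_ID`, `SAMPLE_FETCHER` and the in-memory `USERS` hash are hypothetical names, and the responses are constructed, modelled on the `is_valid`, `app_id`, `expires_at` and `user_id` fields of the Graph API `debug_token` endpoint.

```ruby
require "json"
require "securerandom"

APP_ID = "1234567890" # placeholder app id (assumption)
# Constructed debug_token responses keyed by token (sample data, not real output).
SAMPLE = {
  "good"      => { data: { app_id: APP_ID, is_valid: true, expires_at: 0, user_id: "1001" } },
  "other_app" => { data: { app_id: "999", is_valid: true, expires_at: 0, user_id: "1001" } },
  "expired"   => { data: { app_id: APP_ID, is_valid: true, expires_at: 1, user_id: "1001" } }
}
# Stand-in for the HTTPS call to Graph API's debug_token endpoint, so this runs offline.
SAMPLE_FETCHER = ->(token) { JSON.generate(SAMPLE.fetch(token, { data: { is_valid: false } })) }

# Hypothetical helper, not part of Devise or OmniAuth.
class FacebookTokenVerifier
  Result = Struct.new(:ok, :facebook_uid, :reason)

  def initialize(fetcher, now: -> { Time.now.to_i })
    @fetcher = fetcher
    @now = now
  end

  def verify(access_token)
    return Result.new(false, nil, "missing token") if access_token.to_s.empty?
    body = JSON.parse(@fetcher.call(access_token))
    data = body.is_a?(Hash) && body["data"].is_a?(Hash) ? body["data"] : {}
    return Result.new(false, nil, "token invalid") unless data["is_valid"] == true
    # A valid token minted for a different app must be rejected; otherwise any
    # app the user has authorised could sign in to this backend as that user.
    return Result.new(false, nil, "wrong app") unless data["app_id"].to_s == APP_ID
    expires_at = data["expires_at"].to_i # 0 means the token does not expire
    return Result.new(false, nil, "expired") if expires_at != 0 && expires_at <= @now.call
    uid = data["user_id"].to_s
    return Result.new(false, nil, "no user id") if uid.empty?
    Result.new(true, uid, nil)
  rescue JSON::ParserError
    Result.new(false, nil, "bad response")
  end
end

USERS = {} # in-memory stand-in for the users table: facebook_uid => record

# Steps 3-5 of the flow: verify, find or create the user, return the ticket.
def fb_sso(access_token, verifier)
  result = verifier.verify(access_token)
  return { error: result.reason } unless result.ok
  user = USERS[result.facebook_uid] ||= { id: USERS.size + 1, auth_token: SecureRandom.hex(32) }
  { user_id: user[:id], devise_auth_token: user[:auth_token] }
end
```

The user record is keyed on the `user_id` reported by Facebook for the token, never on an id sent by the client alongside it.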

2 Answers


Why can't you use the omniauth-facebook gem? It's a very simple solution to get the access token, and if you use Devise its potential will double. Make sure that you get a different access token at each login time.

You can go through this link https://github.com/pramodv-nyros/social-login-in-rails

pramod

You have to use the same token on the server and the iOS client. A simple solution is to put all the logic on the server side with devise+omniauth, so that iOS only handles the UI and the response from the server side. If you want to get the token from iOS, for example by using the Facebook iOS SDK, you should tell the token to the server side, but that does not look safe.

atu0830