
I am using devise_auth_token gem in my rails-api app. I used omniauth_google_oauth2 gem with my app for auth but it was very buggy so I decided to follow a different approach.

I have a route in my api app that will respond with

{ "url": google-oauth-login-url }

The frontend app uses that route to put it in the login with Google btn.

After a user clicks the btn they will be redirected to the Google OAuth page, and after filling in the details they will then be redirected to the frontend home page with the Google code in the URL.

The frontend app will send a req to the api server with the code, and the server will make a req to the Google server again to exchange that Google code for an access token, refresh token and all that.

After the server receives those tokens, the server again makes another req to the Google server to fetch the user profile.

I don't know how to register the user after I get the user profile info.

How do I register it? After registering it, how do I sign it in or send an authentication token to the frontend app? The authentication token will be used in the headers of every api call.

Any idea?

Raaz

2 Answers


Registration is a process of storing data to the database. So when you get user profile and save it to the database, it means -- you've already registered it.

I see the process of sign-in as saving an additional field with this token to the user table and sending it to the frontend. So the client knows the access_token and the server knows who the owner of this token is.

AntonTkachov
  • Neat. Registration is taken care of by following this https://stackoverflow.com/a/4316995/4156793 . Now I want to sign_in and get an auth token which I can pass to the frontend app. I guess I can use sign_in to sign_in. – Raaz Nov 10 '17 at 14:37
  • Not sure, but looks like you are right. Have you tried it? – AntonTkachov Nov 10 '17 at 14:56
  • I have tried up to sign_in, which works. But I need to figure out a way to fetch the token and send that auth token to the frontend app – Raaz Nov 10 '17 at 14:58
  • Isn't the token stored in the user table? I think you can get it there – AntonTkachov Nov 10 '17 at 15:04
  • Looking over the code in the registration_controller in the devise_token_auth gem, they are generating token, client_id, uid and expiry time and then saving it, but for me I am not saving any of those. – Raaz Nov 10 '17 at 15:13
  • Then you should partially use devise logic to save all of this when you create a new user – AntonTkachov Nov 10 '17 at 15:17

I had to dive into the gem code to get this right

    def log_in_or_create_employee(user_info)
      # Look the employee up by the first e-mail in the Google profile.
      @resource = Employee.find_by email: user_info["emails"][0]["value"]
      if @resource.nil?
        # First login: create the record with a random password.
        password = Devise.friendly_token[0, 10]
        @resource = Employee.new({
          name: user_info["displayName"],
          admin: true, # every employee created through this path is an admin
          first_name: CustomRegex.japanese?(user_info["name"]["givenName"]) ? '' : user_info["name"]["givenName"],
          last_name: CustomRegex.japanese?(user_info["name"]["familyName"]) ? '' : user_info["name"]["familyName"],
          email: user_info["emails"][0]["value"],
          password: password,
          password_confirmation: password
        })
      end

      # Generate a client id and a token; only the BCrypt hash of the
      # token is stored, together with its expiry, under the client id.
      @client_id = SecureRandom.urlsafe_base64(nil, false)
      @token     = SecureRandom.urlsafe_base64(nil, false)
      @resource.tokens[@client_id] = {
        token: BCrypt::Password.create(@token),
        expiry: (Time.now + DeviseTokenAuth.token_lifespan).to_i
      }
      @resource.skip_confirmation!
      @resource.save!

      # The plaintext token is returned to the frontend once, here.
      return render json: {
        client_id: @client_id,
        expiry: @resource.tokens[@client_id][:expiry],
        token: @token,
        uid: @resource.uid
      }
    end

I save the user with token and return the access tokens.

Raaz
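The answer above issues a client_id and token and stores only a hash of the token with an expiry; the other half is the check the server makes when the frontend sends those values back. This is an added example, not code from the post or from devise_token_auth: `TokenStore`, `TOKEN_LIFESPAN` and `secure_compare` are hypothetical names, the store is in memory, and SHA-256 stands in for BCrypt so that it runs with the Ruby standard library only.

```ruby
require "securerandom"
require "digest"

TOKEN_LIFESPAN = 14 * 24 * 3600 # assumed lifespan in seconds (constructed value)

# Constant-time comparison, so the position of a mismatch does not show in timing.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Hypothetical stand-in for the model's tokens column:
# client_id => { token: <digest>, expiry: <unix time> }
class TokenStore
  def initialize
    @tokens = {}
  end

  # Issue credentials for one client/device. Only the digest is kept;
  # the plaintext token is returned once, for the frontend.
  def issue(now: Time.now)
    client_id = SecureRandom.urlsafe_base64(nil, false)
    token     = SecureRandom.urlsafe_base64(nil, false)
    expiry    = (now + TOKEN_LIFESPAN).to_i
    @tokens[client_id] = { token: Digest::SHA256.hexdigest(token), expiry: expiry }
    { client_id: client_id, token: token, expiry: expiry }
  end

  # Check the values the frontend sends in the headers of an API call.
  def valid?(client_id, token, now: Time.now)
    entry = @tokens[client_id]
    return false if entry.nil? || token.nil?
    if entry[:expiry] <= now.to_i
      @tokens.delete(client_id) # drop expired entries instead of keeping them
      return false
    end
    secure_compare(entry[:token], Digest::SHA256.hexdigest(token))
  end

  # Sign-out for one client: remove its entry. Returns true if one existed.
  def revoke(client_id)
    !@tokens.delete(client_id).nil?
  end
end
```

Keying the entries by client_id lets one device be signed out without invalidating the others.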