27

I've set up user auth for my Rails app with Devise and Omniauth. Now I'm wondering where I should start to use the same auth for an Android and iPhone app I want to create.

Should I use a mobile version of my /auth/facebook or should I directly send a request from the app?

This is quite a general question, but I've found nowhere to look.

EDIT: I've just added Token Auth to the app to use with the RESTful API; I'm just missing the Omniauth/Facebook-token part.

rnaud
  • I have the Facebook SDK set up in my Android app but it seems the token I get back is not the same as the one I have in my Rails app database, so I cannot compare them to auth my user?! – rnaud Jan 31 '11 at 21:32

1 Answer

38

Alright, so I'm answering my own question.

If you use the Facebook SDK, the SSO works quite well on the device, BUT the token you receive is not the same as the one you're gonna receive on your Rails app. Apparently Facebook creates different tokens depending on the support.

So what I did was: once I receive the token on the Android device, I send it to my Rails app via the URL:

http://myapp/check_mobile_login?token=FB_MOBILE_TOKEN

This is then caught by my Application controller, which uses the token with the fb_graph gem to fetch user data. If the token is valid I'm going to receive some pieces of information. I then check with my database, and, if I find the same UID, then my user is authenticated and I send him back the authentication_token from Devise.

And the draft code:

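    def check_mobile_login
        token = params[:token]

        # Ask the Graph API who this token belongs to; fb_graph raises
        # FbGraph::Exception when Facebook rejects the token.
        fb_user = FbGraph::User.me(token).fetch

        # Match the Facebook UID against our own users.
        logged = User.find_by_uid(fb_user.identifier)

        respond_to do |format|
            format.html # index.html.erb
            format.json do
                if logged
                    render :json => logged.authentication_token
                else
                    # Unknown UID: never call authentication_token on nil.
                    head :unauthorized
                end
            end
        end
    rescue FbGraph::Exception
        head :unauthorized
    end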

If anyone has a better solution, I would be glad to hear that :)

pdobb
rnaud
  • Hi, I'm trying to do the same thing and I wonder where exactly you "sign_in" to Devise so the authentication_token will be generated inside your Rails app? – refaelos Apr 28 '12 at 21:29
  • Add :token_authenticatable to your devise declaration in your User model, then every new user will get an "authentication_token" that you can use to log in with your next requests. – rnaud Apr 29 '12 at 00:25
  • Yes, but you have to "sign_in" in order to regenerate a token if it's expired. You also have to "sign_in" for the user to be the current_user. – refaelos Apr 29 '12 at 09:10
  • https://github.com/SoapSeller/omniauth-facebook-access-token may be useful to any googlers. It seems to follow the same omniauth pattern but allows one to use the access_token in a callback to the server and have the server retrieve user details. – Zachary Moshansky May 21 '14 at 20:55
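
An added example, not code from the answer or from fb_graph: a server-side check that a mobile-supplied token was issued to your own Facebook app before the UID lookup in `check_mobile_login` is trusted. It assumes the server has already fetched the Graph API `debug_token` response for the token; `APP_ID`, `USERS`, the helper names and the sample bodies are constructed placeholders.

```ruby
require 'json'

# Constructed placeholders: APP_ID is not a real app id, USERS stands in for
# the User table (Facebook uid => Devise authentication_token).
APP_ID = '1234567890'
USERS  = { '1207059' => 'devise-token-for-alice' }.freeze

# Inspect a Graph API debug_token response body. Returns the Facebook user id
# if the token should be accepted, or nil to reject it.
def accepted_uid(debug_json, app_id: APP_ID, now: Time.now.to_i)
  data = JSON.parse(debug_json)['data']
  return nil unless data.is_a?(Hash) && data['is_valid'] == true
  # A valid token is not enough: it must have been issued to our own app.
  return nil unless data['app_id'].to_s == app_id
  expires = data['expires_at'].to_i
  return nil if expires != 0 && expires <= now # 0 treated as non-expiring (assumption)
  uid = data['user_id'].to_s
  uid.empty? ? nil : uid
rescue JSON::ParserError, TypeError
  nil # malformed or unexpected body: reject
end

# Outcome check_mobile_login should produce: [HTTP status, body].
def mobile_login(debug_json, now: Time.now.to_i)
  uid = accepted_uid(debug_json, now: now)
  token = uid && USERS[uid]
  token ? [200, token] : [401, nil]
end

# Constructed sample responses (only the fields the check reads).
def sample(app_id:, valid: true, expires_at: 2_000_000_000, user_id: '1207059')
  JSON.generate('data' => { 'app_id' => app_id, 'is_valid' => valid,
                            'expires_at' => expires_at, 'user_id' => user_id })
end

SAMPLES = {
  'issued to our app'     => sample(app_id: APP_ID),
  'issued to another app' => sample(app_id: '9999999999'),
  'rejected by Facebook'  => sample(app_id: APP_ID, valid: false),
  'already expired'       => sample(app_id: APP_ID, expires_at: 1_600_000_000),
  'uid not in our table'  => sample(app_id: APP_ID, user_id: '42'),
  'not JSON'              => '<html>error</html>'
}.freeze

SAMPLES.each do |label, body|
  status, = mobile_login(body, now: 1_700_000_000)
  puts format('%-22s -> %d', label, status)
end
```

In the controller, this decision would sit between receiving `params[:token]` and `User.find_by_uid`, with every rejected case answered with a 401.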