
I created a Rails API application that currently does its job awesomely, but I realized that it is missing the most important part: a login from the React application and, at the same time, authentication from a Python application I developed that should consume those APIs as well.

Now, looking at the various offerings, it all seems fuzzy, at least from my perspective, and I would like to have advice that is not from 2016 or before but that is current today.

Many solutions on the net were making the main ApplicationController dirty, which didn't make sense to me. So I thought that a 'modern' way, or let's say 'a way', is to use Doorkeeper and Devise.

I thought about Doorkeeper because it allows me to have 'Applications', so I can delegate authentication to applications in the proper way while using JWT for the SPA application, but honestly I don't know where to start deciding :)

I wanted to share here also the link of a blog post that inspired this question: https://www.vic-l.com/jwt-with-refresh-token-using-devise-and-doorkeeper-without-authorization/

Sadly, something I found that is still without an answer at the moment is "Setting up DoorKeeper with multiple Rails/React applications?"

Now, can I use Doorkeeper to manage the JWT for the SPA and the applications for the client in Python?

Thanks in advance!

Paco V.
  • 1
    If you plan to support OAuth authentication on your service, Doorkeeper seems a good choice to me. If not, you could choose a simpler traditional token-based solution (like the `tiddle` gem, for instance) – pedrosfdcarneiro May 19 '20 at 21:06
  • 1
    Thanks @pedrosfdcarneiro for your feedback! I will look into `tiddle` to weigh my strategy a bit more. Also, I will update my question with some details about the 'recipes' I found. – Paco V. May 19 '20 at 21:24
  • 2
    I would encourage you to go through this tutorial on YouTube: https://www.youtube.com/playlist?list=PLgYiyoyNPrv_yNp5Pzsx0A3gQ8-tfg66j – Cannon Moyer May 20 '20 at 04:27
  • 1
    Also, to enable session cookies in API-only mode, this answer explains how to resolve the issue: https://stackoverflow.com/a/61238872/7426461 – Cannon Moyer May 20 '20 at 04:30
  • 1
    Your question is pretty big and indeed demands more context. If you have a simple Rails API and a separate SPA, you can get away with using some type of token-based setup (many gems that hook into Devise will work). However, if you're planning on exposing your API to clients that are not controlled by you, then you'll want to use OAuth for all your authorization. This way you'll have a single setup that can handle any case. It's helpful for you to also know where authentication stops and authorization begins to avoid confusion about the roles Devise and Doorkeeper play when working together. – Nathan Jul 31 '20 at 16:51

0 Answers