I need to use token based authentication in a Rails 3.1 API in conjunction with the most recent version of devise. No problem so far.
我需要在Rails 3.1 API中结合最新版本的设备使用基于令牌的身份验证。到目前为止没问题。
Now I do not want to append my :auth_token to the POST/PUT parameters on client side but send this token as a request header like HTTP_X_MYAPP_AUTH_TOKEN".
现在我不想将我的:auth_token附加到客户端的POST / PUT参数,而是将此令牌作为请求标头发送,如HTTP_X_MYAPP_AUTH_TOKEN“。
Can I convince devise from using that rather than a token from parameters? Is it possible to implement both, so that my API users can send the token via request header OR POST/PUT parameter?
我可以说服设计使用它而不是参数中的令牌吗?是否可以实现这两者,以便我的API用户可以通过请求头或POST / PUT参数发送令牌?
Regards. Felix
问候。费利克斯
4 个解决方案
#1
37
I had the same need and came up with this solution:
我有同样的需求,并提出了这个解决方案:
class YourController < ApplicationController
prepend_before_filter :get_api_key
before_filter :authenticate_user!
private
def get_api_key
if api_key = params[:api_key].blank? && request.headers["X-API-KEY"]
params[:api_key] = api_key
end
end
end
Note I have my devise Devise.token_authentication_key set to api_key.
注意我的设计Devise.token_authentication_key设置为api_key。
config.token_authentication_key = :api_key
#2
4
I'm using a custom "strategy" for this: https://gist.github.com/4492569
我正在使用自定义“策略”:https://gist.github.com/4492569
#3
4
It is possible in Devise to pass a standard authentication token through query string or the header for HTTP Basic Authentication, see here. The Ruby code from the specs to pass token in the HTTP_Authorization header is
在Devise中可以通过查询字符串或HTTP基本身份验证的标头传递标准身份验证令牌,请参见此处。来自规范的Ruby代码在HTTP_Authorization标头中传递令牌
header = "Basic #{Base64.encode64("#{VALID_AUTHENTICATION_TOKEN}:X")}"
get users_path(:format => :xml), {}, "HTTP_AUTHORIZATION" => header
Testing from the command line with curl would go like this:
使用curl从命令行进行测试将如下所示:
echo "HUGP59gXsd7773a75Dvc:X" | base64
=> SFVHUDU5Z1hzZDc3NzNhNzVEdmM6WAo=
curl --header "Authorization: Basic SFVHUDU5Z1hzZDc3NzNhNzVEdmM6WAo=" \
http://localhost/users.xml
#4
1
Using devise and devise-token_authenticatable, I had to set this in my config/initializers/devise.rb in order to pass the token via http headers:
使用devise和devise-token_authenticatable,我必须在我的config / initializers / devise.rb中设置它,以便通过http头传递令牌:
config.http_authenticatable = true
config.http_authenticatable = true
#1
37
I had the same need and came up with this solution:
我有同样的需求,并提出了这个解决方案:
class YourController < ApplicationController
prepend_before_filter :get_api_key
before_filter :authenticate_user!
private
def get_api_key
if api_key = params[:api_key].blank? && request.headers["X-API-KEY"]
params[:api_key] = api_key
end
end
end
Note I have my devise Devise.token_authentication_key set to api_key.
注意我的设计Devise.token_authentication_key设置为api_key。
config.token_authentication_key = :api_key
#2
4
I'm using a custom "strategy" for this: https://gist.github.com/4492569
我正在使用自定义“策略”:https://gist.github.com/4492569
#3
4
It is possible in Devise to pass a standard authentication token through query string or the header for HTTP Basic Authentication, see here. The Ruby code from the specs to pass token in the HTTP_Authorization header is
在Devise中可以通过查询字符串或HTTP基本身份验证的标头传递标准身份验证令牌,请参见此处。来自规范的Ruby代码在HTTP_Authorization标头中传递令牌
header = "Basic #{Base64.encode64("#{VALID_AUTHENTICATION_TOKEN}:X")}"
get users_path(:format => :xml), {}, "HTTP_AUTHORIZATION" => header
Testing from the command line with curl would go like this:
使用curl从命令行进行测试将如下所示:
echo "HUGP59gXsd7773a75Dvc:X" | base64
=> SFVHUDU5Z1hzZDc3NzNhNzVEdmM6WAo=
curl --header "Authorization: Basic SFVHUDU5Z1hzZDc3NzNhNzVEdmM6WAo=" \
http://localhost/users.xml
#4
1
Using devise and devise-token_authenticatable, I had to set this in my config/initializers/devise.rb in order to pass the token via http headers:
使用devise和devise-token_authenticatable,我必须在我的config / initializers / devise.rb中设置它,以便通过http头传递令牌:
config.http_authenticatable = true
config.http_authenticatable = true