NoamB / sorcery

Magical authentication for Rails 3 & 4
MIT License

Token authentication #70

Open statiklabs opened 13 years ago

statiklabs commented 13 years ago

Hi Noam. Great work on the Sorcery gem. Is token authentication something that would find its way into Sorcery one day?

NoamB commented 13 years ago

Yes, it's been asked for a few times. Since v0.7.0 is nearly done, it is set for v0.8.0. The issue will stay here until it's done. Thanks.

statiklabs commented 13 years ago

Great to hear. I will keep plugging away with Sorcery then. Look forward to the 0.8.0.0 release!

Thanks for your hard work, making mine easier!

theodorton commented 12 years ago

Token authentication would be great for use with mobile app backends and Web Services :)

I'll try and look into this over the weekend. Maybe I can submit a pull request!

Anyway, +1 from me.

henningms commented 12 years ago

+1

Would love to see this feature, would really make mobile-development easier :)

NoamB commented 12 years ago

Hi, I'm not getting to it...

I was thinking about an API like this:

require_login :token_allowed => true, :only => [:json]

This way it extends require_login to allow or disallow tokens, and only for specific formats.

I would probably do it in a new submodule.

If anyone wants to 'lift the glove', it shouldn't be much trouble implementing.


NoamB commented 12 years ago

Actually require_login has all the options of a before filter, so I shouldn't touch 'only'.

Maybe another before filter, allows_token_authentication.

Not sure. How is it done in other gems?

philostler commented 12 years ago

Atm I'm building my app in the hope token authentication comes along before I start building my API.

Seeing this feature in there would be a massive +100 from me

ADO commented 12 years ago

+1

Authlogic was a good one for this back in the day although its methodology may be outdated now, I'm not sure: see Single Access Token module and Session Params module

NoamB commented 12 years ago

I'm thinking this design:

  1. on password creation/update create another field - auth_token
  2. a new before_filter - 'allow_token_authentication' needs to be placed in the controller (along with options like format and allowed actions). This sets some var for this controller, and when 'auto_login' is called under the hood, it will try to login from the auth_token as well.

Also the whole thing might be a new submodule and not in the default.

philostler commented 12 years ago

That design sounds ideal, only side note I'd say is allowing the auth_token to be generated on request by the application as well and not just when the password gets touched.
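A plain-Ruby sketch of the two-step design NoamB outlines above, including the on-request regeneration philostler asks for. It is an added illustration, not code from Sorcery or from anyone in this thread. `ApiUser`, `TokenAuth` and its methods are hypothetical names, and keeping only a SHA-256 digest of the token server-side is an assumption of this example rather than part of the proposed design.

```ruby
require 'securerandom'
require 'digest'

# Hypothetical stand-in for a user record; not Sorcery's model.
ApiUser = Struct.new(:email, :auth_token_digest)

module TokenAuth
  module_function

  # Generate a fresh random token, store only its SHA-256 digest, and
  # return the raw token once so it can be handed to the client.
  # Callable on request by the application, not only on password change.
  def issue_token!(user)
    raw = SecureRandom.urlsafe_base64(32)
    user.auth_token_digest = Digest::SHA256.hexdigest(raw)
    raw
  end

  # Step 1 of the design: a password creation/update rotates the token,
  # so a token issued under the old password stops working.
  def on_password_change(user)
    issue_token!(user)
  end

  # Byte-wise comparison that does not stop at the first mismatch.
  def secure_compare(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end

  # Step 2 of the design: token login is attempted only for formats the
  # controller has opted into; every other format is refused outright.
  def login_from_token(users, presented, format:, allowed_formats: [:json])
    return nil unless allowed_formats.include?(format)
    return nil if presented.nil? || presented.empty?
    digest = Digest::SHA256.hexdigest(presented)
    users.find do |u|
      u.auth_token_digest && secure_compare(u.auth_token_digest, digest)
    end
  end
end
```
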

grigio commented 12 years ago

+1 What do you think about integrating something like this http://railscasts.com/episodes/352-securing-an-api?view=asciicast

lephyrius commented 12 years ago

+1

trnc-ck commented 11 years ago

+1

lephyrius commented 11 years ago

Now that sorcery 0.8.0 has been released how do I use this feature? A tiny example would be nice. :)

atrauzzi commented 11 years ago

I'm curious as to the status of this. Think it's okay to manually implement my own token authentication using authenticate_or_request_with_http_token in my rails-api app in the meantime?

davidchua commented 11 years ago

I am working on an api using sorcery and this is certainly something I'd love to have.

fzagarzazu commented 11 years ago

Hello everybody, hi Noam.

I just sent a pull request that adds support for access tokens in RESTful JSON APIs and extends the external submodule to support OAuth 2.0 For Login (client side flow).

https://github.com/NoamB/sorcery/pull/415

I needed this for a pet project that I have been working on in my free time, an angularjs app with rails-api as the backend server.

I would really appreciate if you guys could test it, code reviews would be great too.

Support for mongoid and mongomapper is included, but I don't use mongodb so if you plan to use it please do review the code to make sure everything works correctly.

Instructions are in the README.

Let me know what you guys think.

Regards,

kristianmandrup commented 11 years ago

@fzagarzazu Awesome! +1

Would be nice with a small demo app on github demonstrating this feature :) Cheers!

fzagarzazu commented 11 years ago

I have just published a quick demo with rails-api and OAuth 2.0 for login.

https://github.com/fzagarzazu/sorcery_access_token_demo

Hope it helps, regards,

@kristianmandrup

mrcwinn commented 11 years ago

+1

PapePathe commented 10 years ago

+1

ammancilla commented 10 years ago

Any update about it? +1

kirs commented 10 years ago

I have plans on this feature, but it will probably be in 1.x release.

ammancilla commented 10 years ago

Glad to know that! Thanks for your work.

nathanpsouza commented 10 years ago

Was this implemented?

holden commented 9 years ago

What's the status of this awesome feature?

FUT commented 9 years ago

Three years have passed :) I am sure it will be easier to implement an app-specific solution

volisoft commented 9 years ago

Is token authentication planned for 1.x release?

Mehonoshin commented 9 years ago

Seems that we should use some custom implementation of tokens :)

arjayx commented 8 years ago

Hi, excellent work. Thanks.

I was wondering if this feature was implemented?

Ch4s3 commented 8 years ago

@arjayx the gem is transitioning to new maintainers, is this a useful feature for? If a few folks weigh in, it will make it onto the 1.0 roadmap. @Mehonoshin, @volisoft, and @FUT, are you all still using Sorcery?

Mehonoshin commented 8 years ago

@Ch4s3 yep, still using

Ch4s3 commented 8 years ago

@Mehonoshin would JWT/ruby-jwt integration work for you?

volisoft commented 8 years ago

@Ch4s3 I'm no longer using Sorcery

Mehonoshin commented 8 years ago

@Ch4s3 we've implemented some workaround, but anyway jwt looks good for token authentication

Ch4s3 commented 8 years ago

@volisoft, if you don't mind me asking, what are you using now and what features does it provide that sorcery does not? Thanks @Mehonoshin.

arjayx commented 8 years ago

@Ch4s3 I wondered about the token feature for a RESTful API, to be able to implement Sorcery in projects that could have mobile clients

Ch4s3 commented 8 years ago

@arjayx interesting, let me look into how people do that

liyijie commented 8 years ago

@Ch4s3 Is there any plan to support this feature? Thanks.

Ch4s3 commented 8 years ago

I think it's on the 1.0 agenda.