I currently use Devise 2.1 + Rails 3.2.x to authenticate users. I’m also going to be adding OmniAuth-Facebook and Twitter support soon.
I wanted to use this existing infrastructure with Backbone.js. Can you let me know if this is the correct workflow from an authentication perspective?
1. User login via Devise (or OmniAuth)
2. Use Devise’s Token Authenticatable to return a token?
3. Backbone to access the token somehow and append that as part of API call? I don’t need the API to create user, that’s being handled by Devise.
Questions:
1. Is this how you’d implement it?
2. Any suggestions/code samples on #2 and #3?
3. How would you handle authorization with this? I don’t think CanCan will work.
P.S. I read through many articles, including this:
http://jessewolgamott.com/blog/2012/01/19/the-one-with-a-json-api-login-using-devise/.
They seem to be focused on authentication using the API, rather than securing the API resources after authentication is completed.
I actually got this to be even a little easier by:
- User logs in via Devise/OmniAuth, no authentication token needs to be created.
- If I use the same action that is Devise enabled to serve up the REST API, it’ll automatically use the session info to authenticate, so no additional token capture/resend is needed.

P.S. RABL is great for creating APIs in Rails.
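
Reusing the Devise session for the API, as in the follow-up above, means Backbone's write requests pass through Rails' `protect_from_forgery` check, so each one has to carry the page's CSRF token. The wrapper below is an added example, not part of the original post; it assumes the layout renders `csrf_meta_tags`, and `withCsrf`, `readCsrfToken` and `isSameOrigin` are hypothetical helper names.

```javascript
// Added example, not code from the original post.
// Assumptions: the Rails layout renders csrf_meta_tags, and `sync` has the
// Backbone.sync signature (method, model, options) and passes options to $.ajax.

// Backbone.sync methods that change state on the server.
var WRITE_METHODS = { create: true, update: true, patch: true, 'delete': true };

// Read the token Rails placed in <meta name="csrf-token" content="...">.
function readCsrfToken(doc) {
  var meta = doc.querySelector('meta[name="csrf-token"]');
  return meta ? meta.getAttribute('content') : null;
}

// True only when `url` resolves to the page's own origin, so the token is
// never sent to another host (covers absolute and protocol-relative URLs).
function isSameOrigin(url, origin) {
  try {
    return new URL(url, origin).origin === origin;
  } catch (e) {
    return false;
  }
}

// Wrap a sync function so same-origin write requests carry X-CSRF-Token.
function withCsrf(sync, doc, origin) {
  return function (method, model, options) {
    options = options || {};
    var url = options.url ||
      (typeof model.url === 'function' ? model.url() : model.url);
    var token = readCsrfToken(doc);
    if (WRITE_METHODS[method] && token && isSameOrigin(url, origin)) {
      var previous = options.beforeSend;
      options.beforeSend = function (xhr) {
        xhr.setRequestHeader('X-CSRF-Token', token);
        if (previous) return previous.apply(this, arguments);
      };
    }
    return sync.call(this, method, model, options);
  };
}

// In the browser, install it once after Backbone has loaded:
// Backbone.sync = withCsrf(Backbone.sync, document, window.location.origin);
```

If `jquery_ujs` is already loaded on the page, it attaches the same header to same-origin jQuery requests, and the wrapper is only needed where that script is absent.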