Home/ Questions/Q 8052905
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-05T07:41:03+00:00

I have an API and a Web app working with Rails and Devise gem

  • 0

I have an API and a Web app working with Rails and Devise gem for authentication.
With Devise and Omniauth I can make the Signup with facebook and Login with Facebook through the web site.
I have my API protected with token_authenticable and a TokensController, so when you want to interact with my API first you have to pass to the TokensController your username and password and it will give you a valid token, my problem is what happen when the user is sign up with facebook, Shall I pass to the TokensController the username and the facebook token to generate the token? are there some standard way to do this?

Thanks for the comments.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Thanks for the comments; After thinking which one would be the best option, Here is what I finally did:

    Note: I separate the code in client and server side(API)

    Client Side:

    • Get the Facebook token and the Facebook user ID for a certain user.
    • Call the API method Create method from TokensController, with the parameters I got above.

    Server side:

    • I receive the Facebook token and the Facebook User ID.
    • Using the Facebook Token I get the Facebook User ID from the API.
    • I validate that the receive UID from the request and the Facebook UID are the same.
    • If the UID are the same I generate a random token for my app and I return it in the response.

    Note: All the communication is done via HTTPS.

    • 0