Following this doorkeeper wiki, I am providing API users with an OmniAuth strategy. The doorkeeper wiki on using scopes says that if your client application is requesting the authorization URI, it should do the following:
http://provider.example.com/oauth/authorize?(... other params... )&scope=public+write
where public and write are the scopes (e.g. for public access and write access).
How do I pass these scope parameters? It is not clear how to include them in the code. Keep in mind that I will have users with different access levels (i.e. roles).
EDIT - actual code:
CLIENT APP
OmniAuth strategy code on the client app:
    require 'omniauth-oauth2'

    module OmniAuth
      module Strategies
        class Apifeed < OmniAuth::Strategies::OAuth2
          # change the class name and the :name option to match your application name
          option :name, :apifeed
          option :client_options, {
            :site => Figaro.env.oauth_provider__url,
            :authorize_url => "/oauth/authorize"
          }

          uid { raw_info["id"] }

          info do
            {
              :email => raw_info["email"]
              # and anything else you want to return to your API consumers
            }
          end

          def raw_info
            @raw_info ||= access_token.get('1/user').parsed
          end
        end
      end
    end
OmniAuth callbacks controller, per the Devise gem wiki:
    class Users::OmniauthCallbacksController < Devise::OmniauthCallbacksController
      def apifeed
        # You need to implement the method below in your model (e.g. app/models/user.rb)
        @user = User.from_omniauth(request.env["omniauth.auth"])

        if @user.persisted?
          sign_in_and_redirect @user, :event => :authentication # this will throw if @user is not activated
          set_flash_message(:notice, :success, :kind => "apifeed") if is_navigational_format?
        else
          session["devise.apifeed_data"] = request.env["omniauth.auth"]
          redirect_to new_user_registration_url
        end
      end
    end
Sign-in link (HAML):
    .container
      .row
        .col-md-12
          %ul.nav.navbar-nav
            - if !user_signed_in?
              %li= link_to "Sign in via API", user_omniauth_authorize_path(:apifeed)
            - else
              %li= link_to "Sign Out", destroy_user_session_path, method: :delete
API APP
doorkeeper.rb - config file
    Doorkeeper.configure do
      orm :active_record

      # This block will be called to check whether the resource owner is authenticated or not.
      resource_owner_authenticator do |routes|
        # fail "Please configure doorkeeper resource_owner_authenticator block located in #{__FILE__}"
        # Put your resource owner authentication logic here.
        # Example implementation:
        # User.find_by_id(session[:user_id]) || redirect_to(new_user_session_url)
        current_user || warden.authenticate!(:scope => :user)
      end

      # Define access token scopes for your provider
      # For more information go to
      # https://github.com/doorkeeper-gem/doorkeeper/wiki/Using-Scopes
      default_scopes :public
      optional_scopes :admin
    end
API controller that serves the API data
    class Api::V1::DataController < Api::ApiController
      version 1
      caches :index
      doorkeeper_for :serve_data, :scopes => [:admin]

      # PATCH/PUT
      def serve_data
        # here I will add some updating of the Data model(s)
        expose Data.all
      end
    end
Base API controller, set up with the RocketPants gem
    class Api::ApiController < RocketPants::Base
      include Doorkeeper::Helpers::Filter

      private

      def current_user
        if doorkeeper_token
          @current_user ||= User.find(doorkeeper_token.resource_owner_id)
        end
      end
    end
Users controller, API side
    class Api::V1::UsersController < Api::ApiController
      version 1
      doorkeeper_for :all

      def show
        expose current_user, except: [:password_digest]
      end
    end
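The two halves of the scope question, as an added example that is not part of the original post and not code from the omniauth-oauth2 or Doorkeeper gems: on the client, the requested scopes are a space-separated list that is form-encoded into the authorize URL (so `public write` becomes `scope=public+write`, exactly as in the wiki URL above; with omniauth-oauth2 the same thing is achieved by setting `option :authorize_params, scope: "public write"` on the strategy); on the API, an action guarded with `doorkeeper_for ..., scopes: [:admin]` only accepts a token whose granted scopes include every required one. The code below is plain Ruby so it runs without either gem; the site, client id, redirect URI and the two sample tokens are constructed placeholders.

```ruby
require "uri"
require "set"

# Placeholder provider site, as in the question (not a real endpoint).
PROVIDER_SITE = "http://provider.example.com"

# Client side: build the authorization URL. OAuth2 scopes are a space-delimited
# list; URI.encode_www_form turns the space into "+", giving scope=public+write.
# (With omniauth-oauth2 this is what `option :authorize_params, scope: "public write"`
# adds to the request the strategy builds for you.)
def build_authorize_url(site:, client_id:, redirect_uri:, scopes:, state:)
  query = URI.encode_www_form(
    "response_type" => "code",
    "client_id"     => client_id,
    "redirect_uri"  => redirect_uri,
    "scope"         => scopes.join(" "), # space-delimited scope list
    "state"         => state             # anti-CSRF value checked on the callback
  )
  "#{site}/oauth/authorize?#{query}"
end

# Server side: the check a scoped `doorkeeper_for` performs. A token is accepted
# only if every scope the action requires is among the scopes granted to it;
# extra granted scopes are fine, a missing one must be rejected (HTTP 403 with
# error=insufficient_scope in Doorkeeper).
class TokenScopeError < StandardError; end

def token_scopes(token)
  # Doorkeeper stores granted scopes as a space-separated string on the token row;
  # the sample tokens below mimic that column with a plain hash.
  Set.new(token[:scopes].to_s.split)
end

def authorize_scopes!(token, required)
  required = Set.new(required.map(&:to_s))
  missing  = required - token_scopes(token)
  return true if missing.empty?

  raise TokenScopeError, "insufficient_scope: missing #{missing.to_a.join(' ')}"
end

def scope_allowed?(token, required)
  authorize_scopes!(token, required)
rescue TokenScopeError
  false
end

# Constructed sample tokens standing in for Doorkeeper::AccessToken records:
# one granted only the default scope, one that also holds the optional admin scope.
PUBLIC_TOKEN = { scopes: "public" }
ADMIN_TOKEN  = { scopes: "public admin" }

if __FILE__ == $PROGRAM_NAME
  puts build_authorize_url(
    site: PROVIDER_SITE,
    client_id: "client-id-placeholder",
    redirect_uri: "http://client.example.com/users/auth/apifeed/callback",
    scopes: %w[public write],
    state: "state-placeholder"
  )
  puts scope_allowed?(PUBLIC_TOKEN, [:admin]) # false: public-only token cannot reach an admin action
  puts scope_allowed?(ADMIN_TOKEN, [:admin])  # true
end
```

The point to take from the server half: the role distinction the question wants (admin vs. ordinary users) is decided by which scopes the provider grants when it issues the token, and enforced per action by the scope check, not by anything the client puts in the URL. The client can ask for `admin`, but the provider must only grant it to a resource owner who actually has that role.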