How do I pass scope parameters in the OmniAuth strategy for the doorkeeper gem?

Time: 2014-07-23 00:40:05

Tags: ruby-on-rails ruby oauth-2.0 omniauth doorkeeper

According to the doorkeeper wiki on providing API users with an OmniAuth strategy and the doorkeeper wiki on using scopes, if your client application is requesting the authorization URI, it does so like this:

http://provider.example.com/oauth/authorize?(... other params... )&scope=public+write

where public and write are the scopes (e.g. for public access and write access).

How do I pass these scope parameters? It is not clear how to include them in the code. Keep in mind that I will have users with different access levels (i.e. roles).

EDIT - actual code:

CLIENT APP

OmniAuth strategy code on the client app:

require 'omniauth-oauth2'

module OmniAuth
  module Strategies
    class Apifeed < OmniAuth::Strategies::OAuth2
      # change the class name and the :name option to match your application name
      option :name, :apifeed

      option :client_options, {
        :site => Figaro.env.oauth_provider__url,
        :authorize_url => "/oauth/authorize"
      }

      uid { raw_info["id"] }

      info do
        {
          :email => raw_info["email"]
          # and anything else you want to return to your API consumers
        }
      end

      def raw_info
        @raw_info ||= access_token.get('1/user').parsed
      end
    end
  end
end

OmniAuth callbacks controller, per the Devise gem wiki:

class Users::OmniauthCallbacksController < Devise::OmniauthCallbacksController
  def apifeed
    # You need to implement the method below in your model (e.g. app/models/user.rb)
    @user = User.from_omniauth(request.env["omniauth.auth"])
    if @user.persisted?
      sign_in_and_redirect @user, :event => :authentication #this will throw if @user is not activated
      set_flash_message(:notice, :success, :kind => "apifeed") if is_navigational_format?
    else
      session["devise.apifeed_data"] = request.env["omniauth.auth"]
      redirect_to new_user_registration_url
    end
  end
end

Login link

.container
  .row
    .col-md-12
      %ul.nav.navbar-nav
        - if !user_signed_in?
          %li= link_to "Sign in via API", user_omniauth_authorize_path(:apifeed)
        - else
          %li= link_to "Sign Out", destroy_user_session_path, method: :delete

API APP

doorkeeper.rb - configuration file

Doorkeeper.configure do

  orm :active_record

  # This block will be called to check whether the resource owner is authenticated or not.
  resource_owner_authenticator do |routes|
    # fail "Please configure doorkeeper resource_owner_authenticator block located in #{__FILE__}"
    # Put your resource owner authentication logic here.
    # Example implementation:
    #   User.find_by_id(session[:user_id]) || redirect_to(new_user_session_url)
    current_user || warden.authenticate!(:scope => :user)
  end

  # Define access token scopes for your provider
  # For more information go to
  # https://github.com/doorkeeper-gem/doorkeeper/wiki/Using-Scopes
  default_scopes  :public
  optional_scopes :admin

end

API controller used to serve API data

class Api::V1::DataController < Api::ApiController

  version 1

  caches :index

  doorkeeper_for :serve_data, :scopes => [:admin]
  # PATCH/PUT
  def serve_data
    # here I will add some updating of the Data model(s)
    expose Data.all
  end
end

Base API controller, set up with the RocketPants gem

class Api::ApiController < RocketPants::Base
  include Doorkeeper::Helpers::Filter
  private
    def current_user
      if doorkeeper_token
        @current_user ||= User.find(doorkeeper_token.resource_owner_id)
      end
    end
end

Users controller, API side

class Api::V1::UsersController < Api::ApiController
  version 1

  doorkeeper_for :all

  def show
    expose current_user, except: [:password_digest]
  end
end
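The following is an added example, not code from the question or from the doorkeeper/omniauth gems, that shows the two halves of what the wiki's `scope=public+write` URI means in practice: how the client encodes a list of scopes into the `scope` query parameter (OAuth 2.0 defines it as a space-delimited list, which form-encoding turns into `+`), and how the provider side should parse that parameter back, fall back to its default scopes when it is absent, and reject any scope outside its default and optional sets with `invalid_scope` instead of quietly narrowing it. It uses only the Ruby standard library; the scope names mirror the `default_scopes :public` / `optional_scopes :admin` configuration in the question plus the wiki's `write`, and the client id, redirect URI and hostnames are constructed values. As for where the client sets the value: in the omniauth-oauth2 base strategy, as far as I recall its `authorize_options` include `:scope`, so a `scope` option on the strategy (`option :scope, 'public write'` in the class, or `scope: 'public write'` passed through `config.omniauth`) is forwarded as the `scope` query parameter; check the version of the gem you run, since that is an assumption about its internals rather than something this example verifies.

```ruby
require 'uri'
require 'securerandom'

# Scopes the provider knows about. Constructed for this example to mirror the
# question's Doorkeeper config (default :public, optional :admin) plus the
# wiki's :write scope.
DEFAULT_SCOPES  = %w[public].freeze
OPTIONAL_SCOPES = %w[admin write].freeze

# Client side: build the authorization URI. The scope value is the scopes
# joined by single spaces; URI.encode_www_form encodes a space as "+", which
# yields the "scope=public+write" form shown in the wiki.
def build_authorize_uri(site, client_id, redirect_uri, scopes, state: SecureRandom.hex(16))
  query = URI.encode_www_form(
    response_type: 'code',
    client_id:     client_id,
    redirect_uri:  redirect_uri,
    scope:         scopes.join(' '),
    state:         state # anti-CSRF value the client must check on the callback
  )
  URI.join(site, '/oauth/authorize').tap { |u| u.query = query }.to_s
end

# Provider side: parse the scope parameter back out of the query string and
# decide which scopes may be granted. Returns [granted_scopes, error], where
# error is nil on success and 'invalid_scope' when the request asks for a
# scope the provider does not offer.
def resolve_requested_scopes(query_string, default: DEFAULT_SCOPES, optional: OPTIONAL_SCOPES)
  params = URI.decode_www_form(query_string).to_h
  raw = params['scope'].to_s.strip
  # No scope parameter at all: grant the configured default scopes only.
  return [default.dup, nil] if raw.empty?

  requested = raw.split(/\s+/).uniq
  unknown = requested - (default + optional)
  # Reject the whole request rather than silently dropping unknown scopes, so a
  # client cannot probe for scopes that are not part of the published set.
  return [[], 'invalid_scope'] unless unknown.empty?

  [requested, nil]
end

# Resource-side check, the same decision `doorkeeper_for ..., :scopes => [:admin]`
# makes: every required scope must be present on the granted token.
def scope_allows?(granted_scopes, required)
  required.all? { |s| granted_scopes.include?(s.to_s) }
end
```

Running the round trip in this order is the useful part: build the URI with `%w[public write]`, hand its query string to `resolve_requested_scopes`, and confirm that the granted list contains exactly those two scopes while a request naming a scope outside `DEFAULT_SCOPES + OPTIONAL_SCOPES` comes back as `invalid_scope`.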

0 answers