我正在构建多个应由相同用户使用的rails应用。因此,使用OAuth进行单点登录会很不错。
此时我有两个不同的应用程序:
ID - 处理所有用户资料(姓名,头像,电子邮件,身份验证) 团队 - 应该能够通过OAuth使用ID的用户
ID与门卫一起运行,TEAM使用设计进行身份验证。
我的问题是,如果我想使用我的门卫OAuth提供程序登录团队,我总是会收到无效的凭据错误 - 我只是不知道该怎么做。
这是我的设置:
ID
# config/routes.rb
# oauth2 sso
use_doorkeeper
namespace :api do
namespace :v1 do
# another api routes
get '/me' => "credentials#me"
end
end
# controllers/api/v1/api_controller.rb
module Api::V1
class ApiController < ::ApplicationController
def current_resource_owner
User.find(doorkeeper_token.resource_owner_id) if doorkeeper_token
end
end
end
# controllers/api/v1/credentials_controller.rb
module Api::V1
class CredentialsController < ApiController
doorkeeper_for :all
respond_to :json
def me
respond_with current_resource_owner
end
end
end
我添加了一个带回调http://team.dev/users/auth/doorkeeper/callback
的应用程序。
TEAM
# gemfile
gem 'devise'
gem 'omniauth'
gem 'omniauth-oauth2'
# config/routes.rb
devise_for :users, :controllers => { :omniauth_callbacks => "users/omniauth_callbacks" } do
get 'sign_out', :to => 'users/sessions#destroy', :as => :destroy_user_session
end
# lib/omniauth/strategies/doorkeeper.rb
require 'omniauth-oauth2'
module OmniAuth
module Strategies
class Doorkeeper < OmniAuth::Strategies::OAuth2
# change the class name and the :name option to match your application name
option :name, :doorkeeper
option :client_options, {
:site => "http://aubrey-id.dev",
:authorize_url => "/oauth/authorize"
}
uid { raw_info["id"] }
info do
{
:email => raw_info["email"]
# and anything else you want to return to your API consumers
}
end
def raw_info
@raw_info ||= access_token.get('/api/v1/me.json').parsed
end
end
end
end
# config/initializers/devise.rb
require File.expand_path('lib/omniauth/strategies/doorkeeper', Rails.root)
Devise.setup do |config|
config.omniauth :doorkeeper, 'APP ID', 'APP SECRET'
end
# controllers/users/omniauth_callbacks_controller.rb
class Users::OmniauthCallbacksController < Devise::OmniauthCallbacksController
def doorkeeper
oauth_data = request.env["omniauth.auth"]
@user = User.find_or_create_for_doorkeeper_oauth(oauth_data)
@user.update_doorkeeper_credentials(oauth_data)
@user.save
sign_in_and_redirect @user
end
end
# controllers/users/sessions_controller.rb
class Users::SessionsController < Devise::SessionsController
end
# models/user.rb
class User < ActiveRecord::Base
devise :omniauthable
def self.find_or_create_for_doorkeeper_oauth(oauth_data)
User.find_or_initialize_by_doorkeeper_uid(oauth_data.uid).tap do |user|
user.email = oauth_data.info.email
end
end
def update_doorkeeper_credentials(oauth_data)
self.doorkeeper_access_token = oauth_data.credentials.token
end
end
如果我现在尝试使用门卫进行身份验证,我得到的是无效的凭据错误。
希望有人对我有所暗示!