具有自定义设计策略(SSO)的门卫OAuth提供商

时间:2015-09-23 05:56:17

标签: ruby-on-rails authentication oauth devise doorkeeper

我正在构建多个应由相同用户使用的rails应用。因此,使用OAuth进行单点登录会很不错。

此时我有两个不同的应用程序:

ID - 处理所有用户资料(姓名,头像,电子邮件,身份验证) 团队 - 应该能够通过OAuth使用ID的用户

ID与门卫一起运行,TEAM使用设计进行身份验证。

我的问题是,如果我想使用我的门卫OAuth提供程序登录团队,我总是会收到无效的凭据错误 - 我只是不知道该怎么做。

这是我的设置:

ID 

# config/routes.rb

# oauth2 sso
use_doorkeeper

namespace :api do
  namespace :v1 do
    # another api routes
    get '/me' => "credentials#me"
  end
end


# controllers/api/v1/api_controller.rb
module Api::V1
  class ApiController < ::ApplicationController
    def current_resource_owner
      User.find(doorkeeper_token.resource_owner_id) if doorkeeper_token
    end
  end
end


# controllers/api/v1/credentials_controller.rb
module Api::V1
  class CredentialsController < ApiController
    doorkeeper_for :all
    respond_to :json

    def me
      respond_with current_resource_owner
    end
  end
end

我添加了一个带回调http://team.dev/users/auth/doorkeeper/callback的应用程序。

TEAM 

# gemfile
gem 'devise'
gem 'omniauth'
gem 'omniauth-oauth2'


# config/routes.rb
devise_for :users, :controllers => { :omniauth_callbacks => "users/omniauth_callbacks" } do
  get 'sign_out', :to => 'users/sessions#destroy', :as => :destroy_user_session
end


# lib/omniauth/strategies/doorkeeper.rb
require 'omniauth-oauth2'

module OmniAuth
  module Strategies
    class Doorkeeper < OmniAuth::Strategies::OAuth2
      # change the class name and the :name option to match your application name
      option :name, :doorkeeper

      option :client_options, {
        :site => "http://aubrey-id.dev",
        :authorize_url => "/oauth/authorize"
      }

      uid { raw_info["id"] }

      info do
        {
          :email => raw_info["email"]
          # and anything else you want to return to your API consumers
        }
      end

      def raw_info
        @raw_info ||= access_token.get('/api/v1/me.json').parsed
      end
    end
  end
end

# config/initializers/devise.rb
require File.expand_path('lib/omniauth/strategies/doorkeeper', Rails.root)

Devise.setup do |config|
  config.omniauth :doorkeeper, 'APP ID', 'APP SECRET'
end


# controllers/users/omniauth_callbacks_controller.rb
class Users::OmniauthCallbacksController < Devise::OmniauthCallbacksController
  def doorkeeper
    oauth_data = request.env["omniauth.auth"]
    @user = User.find_or_create_for_doorkeeper_oauth(oauth_data)
    @user.update_doorkeeper_credentials(oauth_data)
    @user.save

    sign_in_and_redirect @user
  end
end


# controllers/users/sessions_controller.rb
class Users::SessionsController < Devise::SessionsController
end


# models/user.rb
class User < ActiveRecord::Base
  devise :omniauthable

  def self.find_or_create_for_doorkeeper_oauth(oauth_data)
    User.find_or_initialize_by_doorkeeper_uid(oauth_data.uid).tap do |user|
      user.email = oauth_data.info.email
    end
  end

  def update_doorkeeper_credentials(oauth_data)
    self.doorkeeper_access_token = oauth_data.credentials.token
  end
end

如果我现在尝试使用门卫进行身份验证,我得到的是无效的凭据错误。

希望有人对我有所暗示!

0 个答案:

没有答案
相关问题
最新问题