Authentication token is not working

时间:2017-11-13 06:07:49

标签: ruby-on-rails devise

Not an issue with the gem but I just need some help with returning token.

I am using devise_auth_token gem in my rails-api app.

I have a route in my api app that will response

{ "url": google-oauth-login-url } The frontend app use that route to put it in the login with google btn.

After a user click in the btn they will be redirected to google oauth page and after filling in the details they will be then redirected to the frontend home page with the google code in the url.

The frontend app will send a req to the api server with the code and the server will req to the google server again to exchange that google code for access-token, refresh token and all that.

After the server receives those token, the server again makes another req to the google server to fetch user profile.

The user is then saved to db with the access token as well.

password = Devise.friendly_token[0,10]
@resource = Employee.new({
                name: user_info["displayName"], 
                admin: true, 
                first_name: CustomRegex.japanese?(user_info["name"]["givenName"]) ? '' : user_info["name"]["givenName"],
                last_name: CustomRegex.japanese?(user_info["name"]["familyName"]) ? '' : user_info["name"]["familyName"],
                email: user_info["emails"][0]["value"],
                password: password,
                password_confirmation: password
                })

      @client_id = SecureRandom.urlsafe_base64(nil, false)
      @token     = SecureRandom.urlsafe_base64(nil, false)
      # @resource = Employee.find user.id
      @resource.tokens[@client_id] = {
              token: BCrypt::Password.create(@token),
              expiry: (Time.now + DeviseTokenAuth.token_lifespan).to_i
      }
      @resource.skip_confirmation!
    @resource.save!
      # @resource.save!(validate: false)
      # sign_in @resource
            return render json: {client_id: @client_id, expiry: @resource.tokens[@client_id][:"expiry"],
                                                     token: @token, uid: @resource.uid
                                                    }

I used the returned cliend_id expiry, token and uid in the header to make a req to my api and it gave me not authorized error. Can you tell me what I am doing wrong?

1 个答案:

答案 0 :(得分:0)

这就是我解决问题的方法

skip_after_action :update_auth_header, :only => [:token_for_code]
def log_in_or_create_employee(user_info)
    @resource = Employee.find_by email: user_info["emails"][0]["value"]
    if @resource.nil?
        password = Devise.friendly_token[0,10]
        @resource = Employee.new({
            name: user_info["displayName"], 
            admin: true, 
            first_name: CustomRegex.japanese?(user_info["name"]["givenName"]) ? '' : user_info["name"]["givenName"],
            last_name: CustomRegex.japanese?(user_info["name"]["familyName"]) ? '' : user_info["name"]["familyName"],
            email: user_info["emails"][0]["value"],
            password: password,
            password_confirmation: password
            })
    end
        @client_id = SecureRandom.urlsafe_base64(nil, false)
  @token     = SecureRandom.urlsafe_base64(nil, false)
  @resource.tokens[@client_id] = {
          token: BCrypt::Password.create(@token),
          expiry: (Time.now + DeviseTokenAuth.token_lifespan).to_i
  }
  @resource.skip_confirmation!
        @resource.save!
        return render json: {client_id: @client_id, expiry: @resource.tokens[@client_id][:"expiry"],
                                                 token: @token, uid: @resource.uid
                                                }
end
相关问题
最新问题