rails-api authentication by header's token


Solution 1

I am in the process of developing a service using the rails-api. We haven't deployed yet, but are nearing that time, and haven't had any issues in testing. You need to include any non-essential modules which you want to use, as rails-api is trimmed right down. I am using authenticate_or_request_with_http_token in ApplicationController like so:

include ActionController::HttpAuthentication::Token::ControllerMethods

def authenticate
  # Responds with 401 unless the block returns a truthy value.
  authenticate_or_request_with_http_token do |token, options|
    api_key = ApiKey.where(auth_token: token).first
    @current_user = api_key.user if api_key
  end
end

If you just want the token, there is a handy method token_and_options:

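include ActionController::HttpAuthentication::Token

def current_user
  # token_and_options returns [token, options], or nil when no token header is present.
  token, _options = token_and_options(request)
  api_key = ApiKey.where(auth_token: token).first if token
  User.find(api_key.user_id) if api_key
end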
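The header handling that both snippets above rely on, as an added example that is not part of the original answer and not Rails' own code. It is plain Ruby with a simplified parser for the `Authorization: Token token="..."` form only; `parse_token_header`, `ApiKeyStore`, `STORE` and the sample user are hypothetical names, and the store keeps only a SHA-256 digest of each token instead of the plaintext `auth_token` column.

```ruby
require "digest"
require "securerandom"

# Simplified stand-in for Rails' token_and_options (assumption: only the
# key="value" parameter form is handled). Returns [token, options] or nil.
def parse_token_header(header)
  return nil unless header.is_a?(String)
  scheme, params = header.strip.split(/\s+/, 2)
  return nil unless scheme == "Token" && params
  pairs = params.split(/\s*,\s*/).map do |pair|
    key, value = pair.split("=", 2)
    [key.to_s.strip, value.to_s.strip.delete_prefix('"').delete_suffix('"')]
  end
  token = pairs.assoc("token")&.last
  return nil if token.nil? || token.empty?
  [token, pairs.reject { |key, _| key == "token" }.to_h]
end

# Hypothetical in-memory replacement for the ApiKey table. Only the digest of
# each token is stored, so a leaked table does not hand out usable tokens.
class ApiKeyStore
  def initialize
    @users_by_digest = {}
  end

  # Issues a random token for user; the plaintext is returned once and not kept.
  def issue(user)
    token = SecureRandom.hex(32)
    @users_by_digest[Digest::SHA256.hexdigest(token)] = user
    token
  end

  # Returns the user for a raw Authorization header value, or nil.
  def authenticate(header)
    token, _options = parse_token_header(header)
    return nil unless token
    @users_by_digest[Digest::SHA256.hexdigest(token)]
  end
end

STORE = ApiKeyStore.new
ALICE_TOKEN = STORE.issue("alice") # constructed sample user and token
```

In a Rails controller the same digest lookup would go inside the `authenticate_or_request_with_http_token` block, with the digest column name being whatever the application defines.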

Solution 2

From the README:

Basic, Digest and Token Authentication: Rails comes with out-of-the-box support for three kinds of HTTP authentication.

So, yes, this is production ready (it's still Rails after all). The example you linked to is the way to go (the trick is to include only what you need from Action Pack).

Author: Anatoly

Updated on June 04, 2022

Comments

  • Anatoly almost 2 years

    I'd like to work with the rails-api gem specifically to create an API-only application. To provide an authentication mechanism I want to use the built-in authenticate_or_request_with_http_token method described in Railscasts #352, but this method is missing here.

    Does anybody have experience with the rails-api gem?

    P.S. I can see this approach, but is this production-ready?

  • Anatoly almost 12 years
    You say it's production ready based on the documentation; do you have experience using it in production?
  • Oscar Del Ben almost 12 years
    It's Rails, Rails is production ready. You're just including single modules instead of loading the whole thing.
  • Anatoly almost 12 years
    You missed the point. I have good experience with Rails and decided to use Rails itself to build an API. Rails-api is still an immature skeleton (we should dig into Rails and choose appropriate modules), but I'm looking forward to using it later.
  • Anatoly almost 12 years
    So from your perspective, rails-api covers everything you need to build an API?
  • Jon Rutherford almost 12 years
    The only thing I needed & which it didn't have was the HttpAuthentication module, which was very easy to include. So yes, it has pretty much everything.
  • Anatoly almost 12 years
    What about caching strategies? Does it support everything you need?
  • Jon Rutherford almost 12 years
    I can't help you there sorry. Our release #1 is for a small number of internal users. Optimization will come with time. I was looking at Cached Model for simple single row queries, but haven't put it into practice yet.
  • pwightman almost 11 years
    FWIW we've been using it in production for some time and it's been excellent.
  • Throoze almost 8 years
    Is there any way to get the authenticated user in the action?