I have been experimenting with providing API for my own Rails 3 app and
I
implemented the OAuth-provider. With OAuth-provider, access_token is the
king. Now, my idea is my users will invoke the API like:
GET requests (e.g. for listing the instances of a “Comment” resource) –
curl
‘http://127.0.0.1:3000/comments.xml?access_token=4fcdab32-3777-4fc0-85fd-71f4ef5c7986’
POST requests (e.g. posting a form for creating a new comment) – curl
-F
“text=incredible article!” -F
“access_token=4fcdab32-3777-4fc0-85fd-71f4ef5c7986” -F “article_id=1”
http://127.0.0.1:3000/comments.xml
(All the requests are on SSL in production).
I implemented the Rack middleware as: gist:2582579 · GitHub –
basically, it looks at the request and sets the associated user_id in
the
session if the request has valid access_token.
It works well for GET requests, but fails for POST request. The session
I
modified in the Middleware is simply not available in
ApplicationController
in the same request!
I have made sure that
use ActionDispatch::Session::CookieStore appears “before” my Rack
Middleware.
What confuses me is it works for GET requests and not for POST requests.
Does this make sense?
Any idea what I may be doing wrong? (Almost about to give up on Rack and
resorting to before_filter …)
Regards,
Kedar