How can I implement authentication in my API?

andrew · June 18, 2009, 4:10am

I’m developing an API for my site, and I’m wondering how I can make it
so requests require basic access authentication (like in Twitter’s API
for example)? I’m using restful-authentication on Rails 2.3.2. Thanks!

andrew · June 18, 2009, 5:48am

Andrew wrote:

I’m developing an API for my site, and I’m wondering how I can make it
so requests require basic access authentication (like in Twitter’s API
for example)?
[…]

I’m no expert on this, but perhaps you want to use OAuth like Twitter
has done.

Best,

Marnen Laibow-Koser
http://www.marnen.org
[email protected]

andrew · June 18, 2009, 7:06pm

There’s already support for basic auth in restful-authentication; it
only gets used by default for (off the top of my head) JSON and XML
formatted requests. The support is pretty simple - take a look at (in
restful_auth) AuthenticatedSystem#access_denied, and also the core
docs for ActionController::HttpAuthentication.

–Matt J.

andrew · June 19, 2009, 5:20am

Thanks Matt, that’s exactly what I was looking for.

andrew · July 16, 2009, 5:18pm

Can you post your code how you fixed it please!
I am using also restful authentication and want to provide basic
authenticaton for xml!

Thank you

Wouter

andrew · July 16, 2009, 8:37pm

def authenticate
@current_user = authenticate_or_request_with_http_basic { |u, p|
User.authenticate(u, p) }
end

Use as a before filter.

andrew · July 17, 2009, 11:21pm

But with this code i have to authenticate every time when i try to
access the website…

I have this code for authenticate:

def authenticate
case request.format
when Mime::XML, Mime::ATOM
if self.user = authenticate_or_request_with_http_basic { |u,
p| User.authenticate(u, p) }
@current_user = user
else
request_http_basic_authentication
end
else
user = User.find_by_remember_token(cookies[:auth_token])
end
end

But when i try to access an xml resource i get the authentication
dialog and i get a page with error (ouldn’t find Profile without an
ID)
and when i refresh i get the right xml page… How can i fix this… My
authentication doesnt work because of this on android!

Thank you

andrew · July 22, 2009, 11:10am

But with this code i have to authenticate every time when i try to
access the website…

I have this code for authenticate:

def authenticate
case request.format
when Mime::XML, Mime::ATOM
if self.user = authenticate_or_request_with_http_basic { |u,
p| User.authenticate(u, p) }
@current_user = user
else
request_http_basic_authentication
end
else
user = User.find_by_remember_token(cookies[:auth_token])
end
end

But when i try to access an xml resource i get the authentication
dialog and i get a page with error (ouldn’t find Profile without an
ID)
and when i refresh i get the right xml page… How can i fix this… My
authentication doesnt work because of this on android!

Thank you