On 1/11/07, Justin W. [email protected] wrote:
Use HTTP AUTH. Check this out for more information:
There’s also the restful_authentication plugin:
I actually am using the restful_authentication plugin to handle
authentication…it’d be sweet if I could just use that without making
too many changes.
Basically the problem is that the authentication is stored in the
session (as the first link discusses). So if my client code isn’t
managing a session, I can’t use it.
Net::HTTP.start(‘localhost’, 3000) do |http|
http.post “/sessions”, “login=myusername&password=mypassword”
response = http.post “/users/7/books”, “book[title]=supercool”
That should create a new book resource, but it just redirects to the
login page. I can only assume that it’s because Net::HTTP.start
doesn’t actually handle session stuff.
One approach that I’ve seen is to have an API key and pass that in as
a parameter on requests. That seems like it’d probably be the easiest
approach. I don’t know if it’s best though.
I’d like to figure out the best way to do this, ideally just using
restful_authentication and all the user info I have right now.
Clients are going to be whatever they want to be…I just need a way
of controlling access to the resources we’re exposing.