4
我已經在網上爲我的rails應用程序完美地運行了omniauth。我也爲我們的iPhone應用創建了一個API來進行交互,並且我試圖讓omniauth工作。Omniauth在Rails API中進行提供者身份驗證
有沒有辦法將訪問令牌(從集成的iOS集成與Facebook.app接收)傳遞給omniauth以在數據庫中創建提供程序條目?
現在在我的web應用程序,我有以下代碼
def create
omniauth = request.env["omniauth.auth"]
user = User.where("authentications.provider" => omniauth['provider'], "authentications.uid" => omniauth['uid']).first
if user
session[:user_id] = user.id
flash[:notice] = t(:signed_in)
redirect_to root_path
elsif current_user
user = User.find(current_user.id)
user.apply_omniauth(omniauth)
user.save
flash[:notice] = t(:success)
redirect_to root_path
else
session[:omniauth] = omniauth.except('extra')
flash[:notice] = "user not found, please signup, or login. Authorization will be applied to new account"
redirect_to register_path
end
end
如果你只是通過FB oauth標記原始的那樣,難道你不是在繞過整個oauth過程和假設的安全好處嗎? – freedrull