Authenticating against a remote service using Authlogic

Question

I need to allow users to login to spree using a non-standard authentication service. Users in my community all have accounts on another 3d party service set up for us. That service provides a web-service that takes a login and password, and returns a userId if successful. As an admin I can then query for user profile information.

I've been imagining that when a user attempts to log in, I run their credentials against the remote service, and if successful, store the username and then retrieve the profile information and push that into the db (name, address, etc...). Is that the right approach? How would I even do that?

Answer 1

Hi,

Although I have not used spree, if this involves Authlogic (as your subject line suggests) then you can write you own method to validate users, instead of relying on Authlogic to validate against local database.

In your UserSession model:

class UserSession < Authlogic::Session::Base
  verify_password_method :my_custom_auth_method
  ...

Then in your User model:

def my_custom_auth_method(password_plaintext)
  # user 'password_plaintext' and 'self.username' to validate 
  # against remote service returning true or false
end

If you want to use Authlogic's validation in addition to your own method, you can call valid_password?(password_plaintext) from within your custom verify_password_method.

Not sure if this is what you mean, but hope it helps!