tags:

views:

72

answers:

2
Q: 

How do you authenticate user generated "apps" for your app?

I'm think something like Facebook apps here. User generated pieces of code that people can write to interact with my app.

I understand how an authenticated API works, but this seems a little more complicated because not only does the APP have to authenticate itself (with a regular api-key) but the USER using the app has to be authenticated somehow too, without giving the app free reign.

I've been reading a bit here to see how FB does it: http://wiki.developers.facebook.com/index.php/How_Facebook_Authenticates_Your_Application

And it looks like you have to pass a signature in addition to the api-key along with every call, but I'm having trouble wrapping my head around how this gets generated and used on the other end (my server).

Figure there must be a simple explanation of this out there? Thanks!

P.S. I'm building a Rails app if there are any applicable gems/plugins.

A: 

This may be what I need:

http://github.com/phurni/authlogic_api

Brian Armstrong  2010-04-02 05:28:10
The top answer here was also revealing:http://stackoverflow.com/questions/247110/looking-for-suggestions-for-building-a-secure-rest-api-within-ruby-on-rails
Brian Armstrong  2010-04-02 07:25:23
A: 

Did you have any success with authlogic_api? I'm working on the server-side for a Steam game, where users are logged in through Steam, so I'm only responding to REST calls from the client (no user login required). The rdocs for authlogic_api give some brief set-up info, but I'm struggling with what to do in the application_controller to restrict access; essentially the equivalent of this code from the authlogic example:

http://github.com/binarylogic/authlogic_example/blob/5819a13477797d758cb6871f475ed1c54bf8a3a7/app/controllers/application_controller.rb

JayZeeNYC  2010-06-23 21:32:26
I ended up going a different route on this project, so not sure - it may have worked. Sorry I couldn't be more help! Making a Steam game sounds pretty fun though.
Brian Armstrong  2010-06-24 17:50:20
Worked well in the end. Details here for anyone who stumbles across this...http://stackoverflow.com/questions/3111869/using-authlogic-api-for-rails-rest-api-access
JayZeeNYC  2010-08-18 15:59:46

related questions

Is there a rake task for backing up the data in your database?
How to represent cross-model information in MVC?
WYSIWYG editor gem for Rails?
Best Solution For Authentication in Ruby on Rails
Acts-as-readable Rails plugin Issue
Associating source and search keywords with account creation
Any tips on getting Rails to run with an Access back-end?
Being as DRY as possible in a Ruby on Rails App
How Do You Secure database.yml?
What IDE to use for developing in Ruby on Rails on windows?
Is Ruby On Rails ready for the Enterprise?
OpenID authentication in Ruby on Rails
Why Doesn't My Cron Job Work Properly?
Why does sqlite3-ruby-1.2.2 not work on OS X?
Ruby mixins and calling super methods
Why all the Active Record hate?
Haml: how do I set a dymanic class value?
Learning Ruby on Rails any good for Grails?
How to sell Python to a client/boss/person with lots of cash
How do I create a new Ruby on Rails application using MySQL instead of SQLite?
Ruby On Rails with Windows Vista - Best Setup?
What is good forum software to add to an existing Rails application?
How do I fix 'Unprocessed view path found' error with ExceptionNotifier plugin in rails 2.1?
Frequent SystemExit in Ruby when making HTTP calls
Implementation of "Remember me" in a Rails application.