Comments (28)

ivdma commented on May 11, 2024

Yeah! Waiting for that too.

from grape.

fbjork commented on May 11, 2024

+1, would love to see OAuth 2 support!

polomasta commented on May 11, 2024

+1 happy to help where I'm able...

mleung commented on May 11, 2024

+1

dblock commented on May 11, 2024

We do OAuth with Grape and Devise, see http://code.dblock.org/grape-api-authentication-w-devise

kyledrake commented on May 11, 2024

Oh man oh man would I love this!

neiltron commented on May 11, 2024

Yes, please.

kyledrake commented on May 11, 2024

I think the best approach here would be to link with rack-oauth2-server: https://github.com/flowtown/rack-oauth2-server

It does have a MongoDB dependency, but it's pretty clean and well tested so it should be easy to swap it out for something else, or at least add on an adapter pattern so that it's possible to use multiple datastores.

It's possible there's a better oauth2 server implementation I'm not yet aware of, if anybody else knows about it please add it here as a candidate. The two things I think are important here are datastore agnosticism (ability to plug multiple backends in), and a popular and/or recent oauth2 implementation (either draft 10 or the latest draft). Bonus points if it can support the EM-Synchrony non-blocking IO w/fibers code.

kyledrake commented on May 11, 2024

BTW, we actually need something like this coming up at Geoloqi, so if I can find a good oauth2 server to plug into the Grape OAuth2 middleware, I may be interested in implementing this code. But it must meet my two criteria above, else it's kind of a waste of time for me.

dblock commented on May 11, 2024

IMHO Grape can't help much with this. We all want to plug OAuth2 transparently, but an API is not the right place.

OAuth2 is two methods, authorize and access_token. access_token is easily implementable in Grape, it needs to be aware of client_id and issue an access grant - it also returns JSON. But authorize produces a redirect for an authenticated user, it involves a login in a browser before it can be called.

So, now, why would you complicate your life bouncing between a Grape API and some web stack (eg. Rails) to do it? Or worse, render an HTML login from a Grape API?

The opposite works, a token obtained via an OAuth2 process done in an external OAuth2 server can easily be verified in a Grape API.
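
The check dblock describes in the comment above, verifying inside the API a token that an external OAuth2 server issued, written as plain Rack middleware (a Grape API is a Rack app). This is an added example, not code from the thread or from Grape; the class name, the token store layout and the `api.token_scopes` env key are hypothetical.

```ruby
require 'digest'
require 'json'

# Hypothetical resource-server check: plain Rack middleware, no gems required.
class BearerTokenCheck
  # token_store maps the SHA-256 hex digest of a token => { scopes:, expires_at: }
  def initialize(app, token_store:, required_scope:, clock: -> { Time.now })
    @app, @store, @scope, @clock = app, token_store, required_scope, clock
  end

  def call(env)
    token = bearer_token(env['HTTP_AUTHORIZATION'])
    return deny(401, nil) unless token # no usable Bearer credentials
    grant = @store[Digest::SHA256.hexdigest(token)]
    return deny(401, 'invalid_token') if grant.nil? || grant[:expires_at] <= @clock.call
    return deny(403, 'insufficient_scope') unless grant[:scopes].include?(@scope)

    env['api.token_scopes'] = grant[:scopes] # hypothetical key for downstream endpoints
    @app.call(env)
  end

  private

  # Accept only "Bearer <token>" using the RFC 6750 b64token character set.
  def bearer_token(header)
    m = %r{\ABearer ([A-Za-z0-9\-._~+/]+=*)\z}.match(header.to_s)
    m && m[1]
  end

  # Build the rejection with a WWW-Authenticate challenge; the body never echoes the token.
  def deny(status, error)
    challenge = error ? %(Bearer error="#{error}") : 'Bearer'
    [status, { 'content-type' => 'application/json', 'www-authenticate' => challenge },
     [JSON.generate({ 'error' => error || 'unauthorized' })]]
  end
end

# Constructed sample data: one token as if issued by an external OAuth2 server.
SAMPLE_TOKEN = 'constructed-sample-token'
STORE = { Digest::SHA256.hexdigest(SAMPLE_TOKEN) =>
          { scopes: ['read'], expires_at: Time.at(2_000_000_000) } }.freeze
INNER = ->(_env) { [200, { 'content-type' => 'application/json' }, ['{"ok":true}']] }

# Returns the HTTP status the protected app answers with for a given Authorization header.
def check(header, scope: 'read', now: Time.at(1_900_000_000))
  app = BearerTokenCheck.new(INNER, token_store: STORE, required_scope: scope, clock: -> { now })
  app.call(header ? { 'HTTP_AUTHORIZATION' => header } : {}).first
end
```
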

dexterdeng commented on May 11, 2024

Hi, dblock,
can you give an example of how to do it?

dblock commented on May 11, 2024

See above, http://code.dblock.org/grape-api-authentication-w-devise.

dblock commented on May 11, 2024

@mbleigh @jch you guys have any thoughts on this?

rb2k commented on May 11, 2024

Might be relevant to this ticket:
https://github.com/intridea/grape/blob/master/lib/grape/middleware/auth/oauth2.rb

This was added with the comment "Added OAuth 2.0 middleware (only for accessing protected resources at this point)"

neiltron commented on May 11, 2024

Intriguing.

snowyu commented on May 11, 2024

What about Warden-OAuth2?

kamui commented on May 11, 2024

I'm using https://github.com/nov/rack-oauth2 in my Sinatra app. It works quite well and leaves the ORM part up to you. It supports up to draft 18 of the oauth2 spec, bearer tokens, hmac, the authorization code, implicit, resource owner credential, and client credential grant types. It just lacks documentation and you really have to look at the source and the example apps to figure out how to use it.

dblock commented on May 11, 2024

@kamui What I think we would really like is a working sample with a HowTo integrating any OAuth2 mechanism with Grape. Care to contribute? Could go into the wiki or I could link a post from there.

dblock commented on May 11, 2024

I've added a section on authentication here, with examples for Basic and Digest auth and redirecting users to warden-oauth2 and rack-oauth2, both work with Grape just fine.

mhenrixon commented on May 11, 2024

Unfortunately we don't use Warden and I have absolutely no idea how to make rack-oauth2 work with Grape. Suggestions?

alexandru-calinoiu commented on May 11, 2024

Is oauth2.rb usable?

I've been trying to work with it, but it does not seem to respect the pattern of other auth classes, it inherits ::base instead of auth::base and has no method like http_oauth2

Is it a work in progress? Do you guys need help with it?

dblock commented on May 11, 2024

@Balauru We probably do need help with it. It's one of the oldest pieces of code in Grape and isn't getting a lot of mileage. I almost wonder whether we should take all that stuff out into a separate gem.

alexandru-calinoiu commented on May 11, 2024

@dblock this is my conclusion as well. I took a look at rack and it actually has auth implementations; I think a better place for it will be in there.

The second option will be to just drop it and build a decent sample on how to integrate with rack-oauth2 (I'm currently working on it).

dblock commented on May 11, 2024

+10 on that @Balauru I take pull requests!

alexandru-calinoiu commented on May 11, 2024

https://github.com/balauru/grape-oauth2-sample

I've created a sample; it is a rack app running a grape api and secured via OAuth2 via rack-oauth2. After running rackup you can navigate to http://localhost:9292/apidoc to see a list of endpoints.

I still need to put in the redirection and the authentication endpoint, feedback is greatly appreciated.

dblock commented on May 11, 2024

I've added it to the wiki. Looking forward to seeing some PRs and HowTo's and getting some of this OAuth code out of Grape proper.

nbulaj commented on May 11, 2024

Also, you could look at the grape_oauth2 gem. The main goals of this project are ORM independence (but there are predefined mixins for ActiveRecord and Sequel and API documentation for any other ORM or PORO objects) and maximum customization. The gem is currently under development (and everybody could help with it), but it already implements the following features:

  • Resource Owner Password Credentials Flow
  • Client Credentials Flow
  • Refresh token Flow
  • Token revocation
  • Access Token Scopes

dblock commented on May 11, 2024

@nbulaj You should add it to http://www.ruby-grape.org/projects/ please
