Devise Omniauth and Iphone/Android App

rnaud picture rnaud · Jan 26, 2011 · Viewed 8.9k times · Source

I've set up user auth for my rails App with Devise and Omniauth. Now I'm wondering where I should start to use the same auth for an Android and iPhone app I want to create.

Should I use a mobile version of my /auth/facebook or should I directly send a request from the app ?

This is a quite general question, but I've found nowhere to look at.

EDIT : I've just added Token Auth to the app to use with the RESTful api, I'm just missing the Omniauth/Facebook-token part.

Answer

rnaud picture rnaud · Feb 1, 2011

Alright, so I'm answering my own question.

If you use the Facebook SDK, the SSO works quite good on the device, BUT, the token you receive is not the same as the one you're gonna receive on your Rails App. Apparently Facebook creates different tokens depending on the support.

So what I did was: Once I receive the token on the Android device, I send it to my rails app via the url:

http://myapp/check_mobile_login?token=FB_MOBILE_TOKEN

This is then caught by my Application controller, which uses the Token with the fb_graph gem to fetch user data. If the Token is valid I'm going to receive some pieces of information. I then check with my database, and, if I find the same UID, then my user is authenticated and I send him back the Authentificable_token from Devise.

And the draft code :

    def check_mobile_login
        token = params[:token]

        user = FbGraph::User.me(token)
        user = user.fetch

        logged = User.find_by_uid(user.identifier)

        respond_to do |format|
            format.html # index.html.erb
            format.json { render :json => logged.authentication_token }
        end
    end

If anyone has a better solution, I would be glad to hear that :)