I've set up user auth for my rails App with Devise and Omniauth. Now I'm wondering where I should start to use the same auth for an Android and iPhone app I want to create.
Should I use a mobile version of my /auth/facebook or should I directly send a request from the app ?
This is a quite general question, but I've found nowhere to look at.
EDIT : I've just added Token Auth to the app to use with the RESTful api, I'm just missing the Omniauth/Facebook-token part.
Alright, so I'm answering my own question.
If you use the Facebook SDK, the SSO works quite good on the device, BUT, the token you receive is not the same as the one you're gonna receive on your Rails App. Apparently Facebook creates different tokens depending on the support.
So what I did was: Once I receive the token on the Android device, I send it to my rails app via the url:
http://myapp/check_mobile_login?token=FB_MOBILE_TOKEN
This is then caught by my Application controller, which uses the Token with the fb_graph gem to fetch user data. If the Token is valid I'm going to receive some pieces of information. I then check with my database, and, if I find the same UID, then my user is authenticated and I send him back the Authentificable_token from Devise.
And the draft code :
def check_mobile_login
token = params[:token]
user = FbGraph::User.me(token)
user = user.fetch
logged = User.find_by_uid(user.identifier)
respond_to do |format|
format.html # index.html.erb
format.json { render :json => logged.authentication_token }
end
end
If anyone has a better solution, I would be glad to hear that :)