AuthPassportCheckpoint
Setup Sso Clyent
Setup AuthOriginControl
Usage
end client app
get current_user
# # Store token in session # # Send request to ominauth with session token on each request, # # Sign request to omniauth using auth_origin_control
before_filter :login_required
request sent to intermediary api
# -> send token + sign request with auth_origin_control # -> if auth refused => # -> if app unidentified => no access to api # -> if user unidentified => send to sso
# in controllers signed_request_result(request_uri, options = {})
# Possible to override this in order to force request to force authentication on each request # # def login_required
# if !current_user # respond_to do |format|
# format.html { redirect_to “#SsoClyent.path/auth/sso” }
# format.json { render :json => { ‘error’ => ‘Access Denied’ }.to_json }
# end
# end
# end
# # def current_user # return nil unless session # users = user_klass # uid = userid # if users.respond_to?(:“find_by_#uid”) # @current_user ||= users.send(:“find_by_#uid”, session[‘uid’]) # end
# end # # def current_access_token # return nil unless session # session[‘access_token’] # end #
intermediary api
# # current_user # -> get token from request # -> get original client app from request # => check original_client and user on each request # => sign request to omniauth using auth origin_control before_filter :login_required