Skip to content

Latest commit

 

History

History
100 lines (72 loc) · 3.06 KB

authentication.md

File metadata and controls

100 lines (72 loc) · 3.06 KB
Raw

Flexirest: Authentication

Basic authentication

You can authenticate with Basic authentication by putting the username and password in to the base_url or by setting them within the specific model:

class Person < Flexirest::Base
  username 'api'
  password 'eb693ec-8252c-d6301-02fd0-d0fb7-c3485'

  # ...
end

You can also pass in a Proc or a block to username and password if you want to dynamically pull it from somewhere, e.g. a Current class descending from ActiveSupport::CurrentAttributes.

class Person < Flexirest::Base
  username -> (obj) { obj ? Account.find(obj.id).username : Current.username }
  password do
    Rails.configuration.x.default_password
  end

  get :all, "/people"
  get :find, "/people/:id"
end

Note in the above code sample, we've used a proc in one of them and a block in the other. There's no difference at all, we just wanted to demonstrate both syntaxes. Also, both will accept a single parameter (obj in the above) to receive an optional parameter for the current Flexirest object (if not called from a class context). For example, the username call above handles things differently if it's called from an object context:

person = Person.new(id: 1234)
person.find

Or if it's called from a class context:

Person.find(id: 1234)

Basic authentication method

Flexirest provides two methods for HTTP Basic Auth. The default method is :url:

class Person < Flexirest::Base
  basic_auth_method :url
end
# Includes the credentials in the URL:
#   https://my_username:my_password@example.com/

But you might want to keep the credentials out of your logs and use the :header method:

class Person < Flexirest::Base
  basic_auth_method :header
end
# Clean URL:
#   https://example.com/
# with the base64 encoded credentials:
#   Authorization: Basic YXBpOmViNjkzZWMtODI1MmMtZDYzMDEtMDJmZDAtZDBmYjctYzM0ODU=

Api-Auth

Using the Api-Auth integration it is very easy to sign requests. Include the Api-Auth gem in your Gemfile and then add it to your application. Then simply configure Api-Auth one time in your app and all requests will be signed from then on.

require 'api-auth'

@access_id = '123456'
@secret_key = 'abcdef'
Flexirest::Base.api_auth_credentials(@access_id, @secret_key)

You can also specify different credentials for different models just like configuring base_url:

class Person < Flexirest::Base
  api_auth_credentials '123456', 'abcdef'
end

For more information on how to generate an access id and secret key please read the Api-Auth documentation.

If you want to specify either the :digest or :override_http_method to ApiAuth, you can pass these in as options after the access ID and secret key, for example:

class Person < Flexirest::Base
  api_auth_credentials '123456', 'abcdef', digest: "sha256"
end

< Lazy loading | Body types >