Rails_api_auth

Overview

Rails API Auth is a robust and lightweight Rails Engine that streamlines the implementation of the "Resource Owner Password Credentials Grant" OAuth 2.0 flow. It is particularly designed for API projects and offers additional functionalities such as Facebook and Google authentication. By utilizing Bearer tokens for request authorization, it ensures enhanced security while managing user credentials gracefully.

This engine captures user credentials and tokens in a separate Login model, providing developers with the flexibility to maintain the integrity of their application's User model. Whether you're building a new API or looking to enhance an existing one, Rails API Auth offers essential features that ease authorization management seamlessly.

Features

• OAuth 2.0 Flow: Implements the "Resource Owner Password Credentials Grant" ensuring secure user authentication in API projects.

• Social Media Authentication: Integrates easily with Facebook and Google for additional user authentication options.

• Bearer Token Support: Utilizes Bearer tokens for authorizing requests from clients, adhering to RFC 6750 standards.

• Data Separation: Uses a Login model to keep user credentials and tokens distinct from the application's main User model.

• Built-in Routes: Automatically adds routes for acquiring and revoking Bearer tokens, simplifying API endpoint management.

• Request Authorization: Provides an authenticate! helper to ensure valid Bearer tokens are included in requests, improving security.

• Current Login Access: Offers a current_login method to access the Login model related to the valid Bearer token, facilitating role-based checks.

• Easy Configuration: Simplifies customization through adjustable attributes on its main module, allowing for adaptable implementation in diverse environments.