I'm currently building an iOS app in Swift which calls APIs from a Rails Server. The RoR application is secured with Devise and Omniauth Strategy for Facebook Login, and the API is secured with Doorkeeper.
I want the clients to be able to bypass Doorkeeper if they are already signed in with Devise, so I put this line into my API base controller: before_action :doorkeeper_authorize!, unless: :current_user. When I sign in through Facebook by passing the access token to the authentication path (-> authentications#passthru) via the web browser, everything works as expected. Doing "the same thing" on iOS doesn't work.
Edit: When using the browser the redirects are handled correctly. When calling the same URL from iOS the whole process stops at the response of the initial request:
Started POST "/users/auth/facebook" for 10.0.2.2 at 2015-03-27 18:43:24 +0100
I, [2015-03-27T18:43:24.388328 #5131] INFO -- omniauth: (facebook) Request phase initiated.
(0.1ms) BEGIN
SQL (0.2ms) INSERT INTO "sessions" ("created_at", "data", "session_id", "updated_at") VALUES ($1, $2, $3, $4) RETURNING "id" [["created_at", "2015-03-27 17:43:24.390850"], ["data", "B...=\n"], ["session_id", "0dca6d501f8fbb027796140c7b80b512"], ["updated_at", "2015-03-27 17:43:24.390850"]]
The response seems to be a page from Facebook which is normally probably returned to the Rails app. The sign-in happens right after the Facebook callback is handled, which is never called. That's why it's not working in the iOS app. Any idea how to do it correctly?