
自社サービスのAPIをOAuth2対応にして公開した (Making our in-house service's API OAuth2-enabled and publishing it)


Slides presented at 表参道.rb (Omotesando.rb) #48

Published in: Engineering


  1. ALL-IN
  2. (no text extracted from this slide)

  3. Doorkeeper configuration: identifying the resource owner, and the Resource Owner Password Credentials grant

```ruby
# Doorkeeper initializer (normally config/initializers/doorkeeper.rb).
# The Doorkeeper.configure wrapper is implied by the slide, which shows only the two blocks.
Doorkeeper.configure do
  # Called by the authorization endpoint to find the currently authenticated
  # resource owner. ALL-IN identifies the owner from a bearer token that is
  # already on the request instead of from a browser login session.
  # Doorkeeper expects this block to return the owner or to halt the request
  # (typically a redirect to a login page); as written it returns nil when no
  # valid token is present.
  resource_owner_authenticator do
    if (token = doorkeeper_token).present?
      account = Account.find(token.resource_owner_id)
      session[:actor] = account
    end
  end

  # Resource Owner Password Credentials grant (grant_type=password):
  # verify username/password and return the Account, or nil.
  # Any exception raised while authenticating is collapsed into one OAuth
  # error, so the client never learns the underlying failure reason.
  resource_owner_from_credentials do |_routes|
    begin
      Account.authenticate(username: params[:username], password: params[:password])
    rescue StandardError
      raise Doorkeeper::Errors::AuthenticationFailed
    end
  end
end
```

  4. Scopes. `login` is granted when a client requests nothing specific; every other scope must be requested explicitly. The slide lists `accounting:read`/`accounting:write` twice; the duplicate is dropped here.

```ruby
Doorkeeper.configure do
  default_scopes :login
  optional_scopes :"accounting:read", :"accounting:write",
                  :"cockpit:read", :"cockpit:write",
                  :"crm:read", :"crm:write",
                  :"ssm:read", :"ssm:write",
                  :"navigator:read", :"navigator:write",
                  :"marketing:read", :"marketing:write",
                  :"groupware:read", :"groupware:write",
                  :"team:read", :"team:write",
                  :"personnel:read", :"personnel:write",
                  :"project_management:read", :"project_management:write",
                  :"soms:read", :"soms:write",
                  :"mail_delivery:read", :"mail_delivery:write",
                  :"master:read", :"master:write",
                  # Doorkeeper does not treat :all specially; if it is meant to
                  # imply every other scope, the application has to enforce that.
                  :all
end
```

  5. Protecting an API controller

```ruby
class Api::V1::ProductsController < Api::V1::ApiController
  # Requires a valid (not expired, not revoked) access token for every action,
  # with no scope requirement.
  before_action :doorkeeper_authorize!
  # To additionally require a scope; listing several means any one of them is enough:
  # before_action -> { doorkeeper_authorize! :read, :write }

  # your actions
end
```

  6. Customising the error body and adding the authentication-failed error

```ruby
module Doorkeeper
  module OAuth
    class ErrorResponse
      # Replaces Doorkeeper's RFC 6749 body {"error": ..., "error_description": ...}
      # with the API's own {"code": ..., "message": ...} shape. Generic OAuth
      # client libraries that key on "error" will not recognise these responses,
      # so the published API documentation must describe this format.
      def body
        { code: name, message: description }
      end
    end
  end

  module Errors
    # Raised by resource_owner_from_credentials on slide 3. Doorkeeper reads the
    # OAuth error name from #type, so the token endpoint reports this as
    # "authentication_failed" (under "code", given the override above).
    class AuthenticationFailed < DoorkeeperError
      def type
        :authentication_failed
      end
    end
  end
end
```

  7. Mapping Doorkeeper's rejections onto the application's own exceptions

```ruby
# ALL-IN Doorkeeper
# See https://github.com/doorkeeper-gem/doorkeeper/wiki/Customizing-the-response-body-when-unauthorized
# Unauthorized and AccessDenied are the application's own exception classes;
# rendering them (e.g. rescue_from in the API base controller) is not on the slide.
def doorkeeper_render_error_with(error)
  case error.status
  when :unauthorized # no token, or a token that is invalid, expired or revoked
    fail Unauthorized
  when :forbidden    # a valid token that lacks the required scope
    fail AccessDenied
  end
  # Any other status falls through and renders nothing here, whereas
  # Doorkeeper's default implementation responds with error.status.
end
```
  8. (no text extracted from this slide)
  9. Client side (Angular/TypeScript): polling for an expired access token and refreshing it

```typescript
// Runs every 10 s. Once the current grant's access token has expired, call the
// token endpoint with the refresh token, store the new grant and reload the
// actor. `isRefreshing` keeps a slow refresh from being started twice.
watch(): void {
  if (!!this.actor) {
    let grant: Grant = this.actor.getGrant()!;
    let isRefreshing: boolean = false;
    this.intervalId = setInterval(() => {
      if (!!this.actor && this.actor.isTokenExpired(grant) && !isRefreshing) {
        isRefreshing = true;
        this.oAuthTokenService.refreshToken(grant)
          .subscribe((result: Grant) => {
            if (this.actor) {
              this.actor.setGrant(result);
              this.actor.refresh({indicator: {isDisable: true}}).subscribe(() => {
                isRefreshing = false;
              });
            }
            grant = result;
          }, () => {
            // Added here: the slide has no error branch, so a failed refresh
            // leaves isRefreshing stuck at true and no refresh is ever retried.
            isRefreshing = false;
          });
      }
    }, 10 * 1000);
  }
}
```

  Because the refresh only starts after `isTokenExpired` becomes true, any request issued in the gap (up to one 10 s poll plus the round trip to the token endpoint) goes out with an expired token and is answered with 401.
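Added example (not code from the slides or from ALL-IN): a dependency-free Ruby model of the checks behind slides 5 to 7, showing why a missing, expired or revoked token maps to 401/Unauthorized while a valid token without the needed scope maps to 403/AccessDenied, how the any-one-of-these scope rule of `doorkeeper_authorize!` behaves, and what it takes to honour the deck's `:all` scope. Everything named here is an assumption for illustration: the `ApiAuth` module, the `AccessToken` struct, the `KNOWN_SCOPES` subset, treating `:all` as a superset (Doorkeeper itself does not), and ignoring scopes the server never defined.

```ruby
# Added example, not ALL-IN's code: models the checks behind doorkeeper_authorize!
# and the 401/403 split of slide 7. All names here are illustrative assumptions.
module ApiAuth
  # 401: no usable token at all.   403: token is fine but lacks the scope.
  class Unauthorized < StandardError; end
  class AccessDenied < StandardError; end

  AccessToken = Struct.new(:scopes, :expires_at, :revoked, keyword_init: true) do
    # A token with no expires_at never expires (Doorkeeper allows a nil expiry).
    def expired?(now)
      !expires_at.nil? && expires_at <= now
    end

    def revoked?
      revoked == true
    end
  end

  # The scopes this server issues (a subset of slide 4's optional_scopes).
  # Scopes outside this list are ignored even if a token claims them.
  KNOWN_SCOPES = %w[login accounting:read accounting:write crm:read crm:write all].freeze

  # Returns the token when it may perform the action, otherwise raises.
  # `required` follows doorkeeper_authorize!'s rule: any one listed scope suffices;
  # an empty list only demands a live token.
  def self.authorize!(token, required: [], now: Time.now)
    raise Unauthorized, 'missing token' if token.nil?
    raise Unauthorized, 'token revoked' if token.revoked?
    raise Unauthorized, 'token expired' if token.expired?(now)
    return token if required.empty?

    granted = token.scopes.map(&:to_s) & KNOWN_SCOPES
    # Assumption: the deck's catch-all :all scope stands for every other scope.
    # Doorkeeper does not do this on its own, so it has to be done here.
    return token if granted.include?('all')
    if (granted & required.map(&:to_s)).empty?
      raise AccessDenied, "token has #{granted.inspect}, needs one of #{required.inspect}"
    end
    token
  end

  # HTTP status for a failure, mirroring slide 7's mapping.
  def self.status_for(error)
    case error
    when Unauthorized then 401
    when AccessDenied then 403
    else 500
    end
  end

  # Slide 6's {code, message} body shape for an error produced by authorize!.
  def self.error_body(error)
    code = error.is_a?(Unauthorized) ? 'invalid_token' : 'insufficient_scope'
    { code: code, message: error.message }
  end
end
```

Checking revocation and expiry before looking at scopes is what keeps the two failure classes apart: a revoked token that also lacks a scope must still be reported as 401, not 403, otherwise a client could learn which scopes a dead token once had.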
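Added example (not from the slides): the refresh loop of slide 9 re-expressed as a plain Ruby state machine so its timing decisions can be tested without a browser or RxJS. `Grant` and `TokenRefresher` are illustrative names, and two behaviours are assumptions made here rather than taken from the deck: the refresh starts a configurable margin before expiry instead of after it, and a failed refresh clears the in-flight flag so the next poll retries.

```ruby
# Added example, not from the slides: slide 9's refresh loop as a testable state
# machine. Grant and TokenRefresher are illustrative names.
Grant = Struct.new(:access_token, :refresh_token, :expires_at, keyword_init: true)

class TokenRefresher
  attr_reader :grant

  # margin: seconds before expiry at which a refresh is started, so requests in
  # the polling gap never go out with an already-expired token.
  # (Assumption: the slide instead waits until isTokenExpired is true.)
  def initialize(grant, margin: 60)
    @grant = grant
    @margin = margin
    @in_flight = nil # refresh token currently being exchanged, or nil
  end

  def refreshing?
    !@in_flight.nil?
  end

  def needs_refresh?(now)
    @grant.expires_at - now <= @margin
  end

  # One poll (one setInterval callback). Returns :skip when the token is still
  # good, :in_flight when a refresh is already running, or :start when the
  # caller should now call the token endpoint with grant.refresh_token and
  # report back through complete/fail!.
  def tick(now)
    return :skip unless needs_refresh?(now)
    return :in_flight if refreshing?

    @in_flight = @grant.refresh_token
    :start
  end

  # Token endpoint answered. A response for a refresh token that is no longer
  # in flight (a late duplicate) is ignored so it cannot roll the grant back.
  def complete(new_grant, used_refresh_token:)
    return false unless refreshing? && used_refresh_token == @in_flight

    @grant = new_grant
    @in_flight = nil
    true
  end

  # Token endpoint failed. Clearing the flag is what lets the next tick retry;
  # the slide's subscribe() has no error branch, so there the flag stays stuck.
  def fail!
    @in_flight = nil
  end
end
```

The caller drives it from its own timer: call `tick(Time.now)` every 10 s, issue the refresh request when it returns `:start`, then call `complete` with the new grant or `fail!` on any error.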
