0
In an app I need to edit the registration data of a user such as name, email, phone and password (for the optional password, I found this solution).
However this change is made via API. Since it involves data change I need to know how to make this change safely. If it were only on the web I would use current_user which would guarantee me that only the logged-in user would change their own data. But in this case I don’t know how it works.
1
I recommend you take an approach with a TOKEN for user authentication via API (note that it is not related to the old Tokenauthenticable of Devise).
Your User model will have one TOKEN which will be a random code. Every API request you pass this TOKEN to ensure that it is the real user.
Rails already has a method to verify this type of authentication: authenticate_with_http_token
If you want to increase security you can also provide a APP_SECRET which will be used to encode your token, through an algorithm.
That one APP_SECRET will not be sent in communication (HTTP calls), but has to be stored both on the server and on the client.
References that can help you:
http://blog.envylabs.com/post/75521798481/token-based-authentication-in-rails http://keighl.com/post/secure-api-request-from-ios-to-rails/
Browser other questions tagged ruby-on-rails
You are not signed in. Login or sign up in order to post.