I am currently implementing the JSON API for Rails to work with the Android mobile application, which requires Google authentication.
The thread I'm hoping for is the Google OAuth2 API One-Time Code Stream (Hybrid Authentication), as described in the omniauth-google-oauth gem. Simply put, an Android application receives a one-time code from a Google Account server and passes it to a Rails API action, which converts it into an access token, and then uses it to retrieve user profile information.
With that in mind, I have two questions regarding the implementation of omniauth Devise in Rails:
I see that the implementation of the one-time client-side stream for Javascript is already described in omniauth-google-oauth gem documention. However, Devise handles the authorization failure, redirecting the user to a new registration page, and the callback phase requires a set of parameters for which I have no documentation. Does Devise support this type of stream for the JSON API? And if so, how to handle it?
I noticed that there is some kind of trigger that initiates the omniauth callback phase, as shown below. The problem is that when I change path_prefix for omniauth to something else that / users / auth /, it does not work when I execute a POST request on the callback URL. What criteria does Devise / Omniauth use for this trigger?
INFO - omniauth: (google_oauth2) .
Rails 4.1.6 Ruby 2.1.3 Devise 3.2.4.
!