AuthPassportCheckpoint

Setup Sso Clyent

Setup AuthOriginControl

Usage

end client app

get current_user

# # Store token in session # # Send request to ominauth with session token on each request, # # Sign request to omniauth using auth_origin_control

before_filter :login_required

request sent to intermediary api

# -> send token + sign request with auth_origin_control # -> if auth refused => # -> if app unidentified => no access to api # -> if user unidentified => send to sso

# in controllers signed_request_result(request_uri, options = {})

# Possible to override this in order to force request to force authentication on each request # # def login_required

# if !current_user # respond_to do |format|

# format.html { redirect_to “#SsoClyent.path/auth/sso” }

# format.json { render :json => { ‘error’ => ‘Access Denied’ }.to_json }

# end

# end

# end

# # def current_user # return nil unless session # users = user_klass # uid = userid # if users.respond_to?(:“find_by_#uid”) # @current_user ||= users.send(:“find_by_#uid”, session[‘uid’]) # end

# end # # def current_access_token # return nil unless session # session[‘access_token’] # end #

intermediary api

# # current_user # -> get token from request # -> get original client app from request # => check original_client and user on each request # => sign request to omniauth using auth origin_control before_filter :login_required