我目前正在实现一个基于 Rails 和 sinatra 的架构,并在努力确定我应该提供哪种数据访问方面的身份验证。
服务(Sinatra)应该响应主应用程序(Rails,使用基于 HTTParty 的客户端),也应该响应 API 客户端。
我应该实施哪种身份验证/授权方法?
问问题
331 次
1 回答
0
Basically I would advise using OAuth 2.0. And have your main app as just another API client.
Not sure on your particular use-case but why don't you look at the Doorkeeper gem?
You can configure various permissions, etc on a per client basis so your main app can have more data-access rights than other API clients.
于 2012-11-21T15:50:32.120 回答