In a previous screencast we set up a simple Rails web service for todos and deployed it to production. But right now there's no authorization on it, which means anyone can come along and modify our data.
Let’s see this problem by sending a POST request to create a todo. We will use the Postman client that we discussed in a previous screencast. Even though we didn't provide any kind of authentication, we were allowed to create a record. That’s a problem.
In this screencast, we’ll use the Doorkeeper gem, which makes it easy to add authentication to Rails APIs using the OAuth 2 standard.
After this screencast, you’ll be able to:
- Add authentication to your Rails API with very little code.
For the More Curious...
- Rails has_secure_password method
- OAuth2 password grant