This is a sample app to illustrate the $oauth feature of Jasonette, using Facebook as OAuth provider.
The backend acts as JSON provider for the Jasonette client app running on a mobile device, and also contains a protected API endpoint to demonstrate how to restrict data access to authenticated users only.
This is a Ruby on Rails 5 api mode app.
Clone this repo, navigate to it's folder and run
bundle install
Take a look at the config folder: you'll find a database.yml.example: clone it and rename it database.yml, modify it according to your system setup. Do the same with the secrets.yml.example file in the same directory.
Then run:
bundle exec rails db:migrate
This version was tested using ruby version 2.3.0, but it should be simple enough to run safely against other versions.
Go to Facebook's developer portal and create a new web app.
Return to this project folder, and clone the .env.example file: rename it to .env and edit it so that it contains your Facebook app id and secret token.
Go to your new app dashboard, and add Facebook login support to it. Add this callback uri to the setup:
http://{your_local_machine_network_address}:3000/callback
Configure your Jasonette client to listen to the same address, and the setup is done.
http://{your_local_machine_network_address}:3000
The application will redirect the device browser to this custom url scheme:
jasonettefblogin://
Configure your app accordingly!
Start the server with:
bundle exec rails server -b 0.0.0.0
Launch your Jasonette client on a iOS device/emulator (or simply run jason), and see the login process in action.
This code uses rspec for testing.
Navigate the spec folder to take a closer look at the calls made by the system, and see the tests pass by running:
bundle exec rake
Also, a simple code coverage is in place, just navigate the coverage folder once the above command finished.
Of course, if you ever need to run a system like this in production remember to only exchange tokens via secure connections to be fully OAuth 2 compliant.