Backend for API Based Google OAuth2 with Rails + Devise
I recently implemented Google’s OAuth for a React Native mobile app and noticed that most of the existing documentation only supports implementing OAuth with a server-side rendered web flow. In this article, we will go over the nuances in the backend when developing a separate frontend application that uses an existing JWT authorization flow.
Pre-Requisites
Before starting on this tutorial, ensure you have the following:
- A React Native app that can make authenticated requests to your server using a JWT token retrieved from the header (or body) of specific requests such as /login.
- A Ruby on Rails backend with an existing user model configured with the devise gem and with JWT support provided via the devise-jwt gem.
Introduction
The OAuth (Open Authorization) 2.0 protocol was developed as an open standard for access delegation, giving users a way to access information from one application within another without having to provide one application’s password to the other.
There are a few different implementation strategies such as the one represented in the image below where a client application authenticates with a provider (in this case Google)…