Sub-site Authentication? (FAQ / KB / Helpdesk etc.)
Does anyone have a suggestion to integrate your main Devise based Rails app with a secondary related site?
In my example I have a standard Rails app behind authentication with Devise. I want to also have a separate support / knowledge base site behind the same authentication (i.e. single sign on). It would look like this:
- app.mysite.com (main site - user login)
- help.mysite.com (sub site - user has access when currently logged into the main site)
I was thinking that it would be some sort of OMNIAuth or LDAP but could it be as simple as an encrypted token in a cookie? If you don't have that cookie set you just get a redirect to the main site login page? Thoughts?
If they both use Devise, you can sync the user accounts between the two databases and then set the cookies to store on
*.domain.com so they're automatically logged into both. The apps would need to share a secret key base for that since it would be decrypting the same cookie.
That's the ideal so you don't have to have the users go through any process.
You can do omniauth and make your main app where the user logs in the provider and then every other app can be the client. That will work too. You might be able to tweak it so they don't have to approve and it automatically approves the OAuth request so it is more seamless.
I was looking at helpy.io which looks like it uses Devise. Any tips / pointers on syncing the two databases?
Helpy is great! Deployed it via Hatchbox a little while back and it keeps improving.
I think you can probably use the API to create users after they're created in the main app. https://support.helpy.io/api/#operation/postApiV1Users
Chris - any tips to deply Helpy? I am hitting this issue:
onboarding_controller.rb in index at line 8 onboarding_controller.rb:8:in `index' def index @user = User.first @user.name = "" @user.email = "" @user.password = "" end
It's been quite a while since I've deployed it. If it's crashing on
User.first then I assume you need to maybe run a rake task to setup a User or create one in the Rails console first? Not real sure.
I downloaded the repo locally and fired it up. The onboarding page asks you info and sets up the first user etc. (like WordPress does etc.). I the pushed this to my GH account and deployed in my Hatchbox account and deployed. It looks like the seedfile didn't run. Going to try and run that manually...
Yup - ran the seed file and all was good.
FYI - Hatchbox makes these deploys painless. If the seed had not failed I would have had Helpy deployed from scratch in 10 minutes. 👍
Back to the cookies idea. I synced the key base. I want to start with setting an expiring cookie on the main app then confirming in Helpy that it's set. If not redirect to the main app. I will add the Devise synce later.
I tried setting a cookie on the main app then displaying the contents in Helpy but no dice. Any pointers?
Really old post of mine that's relevant here. I bet it's the cookie domain you need to update in both apps. http://excid3.com/blog/sharing-a-devise-user-session-across-subdomains-with-rails-3
That was perfect - I still need to sync the users but for now it's gold. Here is what I did:
- used the same secret access key on both apps
- added :domain => ".insertyour.domain)" so the session_store.rb directive
- on my helpy deploy I added an application before_action:
redirect_to 'https://app.insertyour.domain/help/' if session[:enrollment_id].nil?
- on my main app routes I have:
get '/help', to: redirect('https://help.insertyour.domain'), as: :help
The idea here was that if you hit the help site not authenticated you get redirected to the main app help path, Devise would authenticate then send you back to the help site. The issue is that I now get a
ERR_TOO_MANY_REDIRECTS error. Any ideas on how to make this work?
# routes.rb authenticated :user do get '/help', to: redirect('https://help.insertyour.domain'), as: :help end unauthenticated do get '/help', to: 'home#dashboard' end
This solves the redirect but created another issue. The help site sends you to the main site (
https://app.insertyour.domain/help) signup page. You authenticate and then devise sends you back to the help site and it allows access. The problem is that if you go back to the main app you have to authenticate again. It's not idea but works for now. Not sure why a new attempt to access the main site requires authentiction again.