0

I am using the omniauth-exact gem to authenticate the user to ExactOnline. It works perfectly, but after authenticating the user I also need to query the Exact API and fetch some data, in which case I am supposed to use either the GET or POST method.

The callback returns the user's info, token and refresh token, so I need to use the access token to request data from the ExactOnline API using OmniAuth. How can I achieve this?

Little Phild

1 Answer

1

OmniAuth is really just a tool for authenticating the user. If you want to perform some actions against the API which are not really part of the authentication flow, you would normally save the access token and use it with an API client.

You can get the token in the handler which handles the OmniAuth callbacks:

class Users::OmniauthCallbacksController < Devise::OmniauthCallbacksController
  # Callback action for the :exact provider
  def exact
    auth_hash = request.env["omniauth.auth"]
    # Keep the access token for later API calls
    session[:token] = auth_hash[:credentials][:token]
    # ...
  end
end

For providers like Twitter or Facebook there are ready-made API clients, but in this case you may want to use Intridea's generic OAuth2 library to create a client.

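require 'oauth2'
# raise_errors: false returns 4xx/5xx responses instead of raising OAuth2::Error,
# so the status can be inspected below
client = OAuth2::Client.new('client_id', 'client_secret', site: 'https://start.exactonline.nl/api', raise_errors: false)
access_token = OAuth2::AccessToken.new(client, session[:token])
# The second argument is an options hash; the payload goes under :body
response = access_token.post('/api/v1/something', body: { foo: :bar })

case response.status
when 201
  # ...
when 401
  # ...
end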

I would encourage you to create a client class or a service object to handle this - don't inline it into your controller, as it's really messy and hard to test properly.

Here are a few examples of existing API clients:

max
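A sketch of the client class the answer recommends, as an added example that is not code from the answer or from the omniauth-exact or oauth2 projects. `ExactClient`, `on_refresh` and `FakeToken` are hypothetical names; the token object is assumed to expose the `OAuth2::AccessToken` methods `expired?`, `refresh!`, `get`, `post`, `token` and `refresh_token`, with the underlying client configured with `raise_errors: false`.

```ruby
# Added example, not code from the answer. ExactClient, on_refresh and FakeToken
# are hypothetical names. `token` is duck-typed to OAuth2::AccessToken (oauth2
# gem); assumes the OAuth2::Client uses raise_errors: false so a 401 is returned.
class ExactClient
  class Unauthorized < StandardError; end
  VERBS = %i[get post].freeze

  # on_refresh receives the rotated credentials so the caller can persist them.
  def initialize(token, on_refresh: nil)
    @token = token
    @on_refresh = on_refresh
  end

  # opts is handed to the token unchanged, e.g. params: {...} or body: {...}.
  def request(verb, path, opts = {})
    raise ArgumentError, "unsupported verb #{verb.inspect}" unless VERBS.include?(verb)
    refresh! if @token.expired?
    response = @token.public_send(verb, path, opts)
    return response unless response.status == 401

    refresh! # rejected before the recorded expiry: refresh once, retry once
    response = @token.public_send(verb, path, opts)
    raise Unauthorized, "#{verb} #{path} still 401 after refresh" if response.status == 401
    response
  end

  private

  def refresh!
    @token = @token.refresh!
    @on_refresh&.call(token: @token.token, refresh_token: @token.refresh_token)
  end
end

# Constructed stand-in for OAuth2::AccessToken so the example runs offline:
# only the token value "new-access" is accepted by the fake API.
FakeResponse = Struct.new(:status, :body)
FakeToken = Struct.new(:token, :refresh_token, :stale, :refreshable) do
  def expired?
    stale
  end
  def refresh!
    FakeToken.new(refreshable ? "new-access" : "bad", "new-refresh", false, refreshable)
  end
  def get(path, _opts = {})
    FakeResponse.new(token == "new-access" ? 200 : 401, path)
  end
end
```

The verb allow-list keeps `public_send` from reaching arbitrary methods on the token, and the error message carries only the verb and path, never the token value.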