[MUSIC] Okay. Welcome back to our final lecture here where we will actually integrate our OAuth with the movie editor application and the movie service and the user. So we look at registration, processing registration result, we also build the authorization URL, where we make take advantage of the code and the token and all that. So what is the integrating the authentication piece? So if you recall in our initial demo or the initial little picture that I showed you the step zero or the very first step is for the acme.com, or the movie editor application or the photo printing service. In the other example to register with this will be service of the Facebook or Linked In or Instagram, right, the movie service or the OAuth provider basically. So, in our case our acme.com, and when we edit our application we'll actually register with our movie service which also has an OAuth provider built into it. And we'll do that by going into this URL, localhost:3000/oauth/applications/new. Okay, so let's go to our new application registration screen. So when you put this URL, oauth/applications/new, you get a simple page. So let's go and give a name. So let's call this as movie client. Movie client and let's put the redirect URI, okay? And then let's go and do a submit. So now what we get back in the results is an application ID and a secret password. And we also get the callback URL that we sent. We need to store this information as we will need this information to authorize URL requests when we do that request, we need this. So I'm going to store this, make sure to save this. And we will go and send a request off from the Reyes console. Okay so using the OAuth two gem, we'll take the provided information and we'll generate an authorization URL. So here is our app ID. Now here is our secret. That is going to be our acme URL. And with those three information, let's go and build our client here, that was successful. Okay, now let's go and send an authorized URL request and what we get back is an HTTP URL in a response. So this is an authorization URL. And what we need to do is plug or copy and paste this authorization URL into the browser. And we should get redirected to the callback URL. So let's go and paste that URL, the authorization URL that we got back, into our browser. Now when you copy and paste the first time you will get the sign-in, so sign in and then log in, and then re-paste that URL, and you should get the authorization code. So, I'm logging in. Okay, and I'm going to go back and paste that same authorization URL. And then we get a message saying authorization is required, signed in successfully. Do you want to authorize Movie Client to use your account? And when I say authorize this should give us a code and of course redirect it to acme.com. And we don't have a website called acme.com but basically it's redirecting to the URL that we had mentioned. But what is important here is we have the code. We need to again store this code because we need to get a token using this code. And we will do that. So let's go and set the code to whatever we got. And now let's go and do a get token. Okay, so looks like everything went well, so we got a good response back. So let's go actually go and see what the token is. So if I do an access.token, we get the token. So again, this is what we need to again, store. And this is what we will be using in the second part of the demo. This is finally the last part of the demo, accessing the application. So we'll remove device as an authentication check to gain access to the API. And we'll replace it with the doorkeeper_authorized before action and continue to protect only the right actions like post and potence on. So with that change, let's attempt to create a new movie as we have done earlier and see what happens. So the first think you will see is it's that a 401 unauthorized. So let's actually look into the response and see what's going on. So if you look into the response, you will see that is again 401 unauthorized, so let's actually get more details on this. So if we poke into the header you will see that it says the axis token is invalid, right? So now the token that we got in the previous step. We need to use that and with that let's see what happens to our request. Okay, so now let's try to do a post with the access token, so the only difference between this and the previous example is the fact that we are sending in an axis token. With ID 12346. So, let's see how the server responds. So, if I hit enter, there it is. So, the movie was very successfully created, and we have a 201. Now, here is a quick example with the put specifying the token as well. So, it's put with the same token that I have. And that tool four, that is successful. Now I can do a get without passing the token. That should work fine, so here is a get. 200 okay. So it's coming back fine. We can always look into the response and we can parse the response as well. So here is the response parsing. So that's the rocky26 coming back. So again, do a get or non-writable methods. We don't have to pass a token. So just to summarize, there was a lot of things we did in this example. We used device for user account management for our movie service to both protect our HTML and also our API service. Now, it was obviously an overkill for such a small, simple application to do all of this. But the whole idea was to give you a simple demonstration of account management and authentication that is kind of industry standard in application today. And in fact, many of the other security options all tend to have integrated with the device. Also we used OAuth two doorkeeper as a means of authentication because again of its popularity and the attraction of not having to manage authentication information locally and how simple it is to use once a token has been generated. So we looked at all the steps to get the code and token and all that. We also leverage the OAuth two gem and the rails console to simulate what an OAuth client application would go through, right? And hopefully this example gave a nice overview of OAuth integrated into an application. So with this, we pretty much wrap up this lecture and also this module. And once again, thank you all for taking this course.
