CSC/ECE 517 Spring 2015/ch1b 21 QW: Difference between revisions
Line 29: | Line 29: | ||
Where <code>"TWITTER_KEY"</code> and <code>"TWITTER_SECRET"</code> is the appropriate values you obtained [https://apps.twitter.com/ here]. | Where <code>"TWITTER_KEY"</code> and <code>"TWITTER_SECRET"</code> is the appropriate values you obtained [https://apps.twitter.com/ here]. | ||
=== Integrating OmniAuth into Rails Application === | === Integrating OmniAuth into Rails Application === | ||
OmniAuth is an extremely low-touch library. It is designed to be a black box that you can send your application's users into when you need authentication and then get information back. OmniAuth was intentionally built not to automatically associate with a User model or make assumptions about how many authentication methods you might want to use or what you might want to do with the data once a user has authenticated. This makes OmniAuth incredibly flexible. To use OmniAuth, you need only to redirect users to <code>/auth/:provider</code> , where <code>:provider</code> is the name of the strategy (for example, <code>developer</code> or <code>twitter</code> ). From there, OmniAuth will take over and take the user through the necessary steps to authenticate them with the chosen strategy. | |||
Once the user has authenticated, what do you do next? OmniAuth simply sets a special hash called the Authentication Hash on the Rack environment of a request to <code>/auth/:provider/callback</code> . This hash contains as much information about the user as OmniAuth was able to glean from the utilized strategy. You should set up an endpoint in your application that matches to the callback URL and then performs whatever steps are necessary for your application. For example, in a Rails app I would add a line in my <code>routes.rb</code> file like this: | |||
== Other Examples == | == Other Examples == | ||
== References == | == References == | ||
<references/> | <references/> |
Revision as of 17:31, 16 February 2015
Omniauth
Omniauth is a Ruby authentication framework aimed to integrated with various types of authentication providers. It can be hooked up to any system, from social network to enterprise systems to simple username and password authentication. <ref>https://github.com/intridea/omniauth/wiki</ref>
The topic writeup for this page can be found here.
Background
With web application booming, most users login hundreds of services every day and won't expect to create unique login and password for each service. So intridea recently releases a standard library to provide multi-provider authentication for web applications.
Rack Middleware
Sinatra
Getting Start
Each OmniAuth strategy is a Rack Middleware, which means it can be used the same way as other Rack middleware. Here we introduce some simple steps to illustrate how to use Twitter strategy for OmniAuth.<ref>https://github.com/intridea/omniauth</ref>
Modifying Gemfile
First start by adding this gem to your Gemfile:
gem 'omniauth-twitter'
If you need to use the latest HEAD version, you can do so with:
gem 'omniauth-twitter', :github => 'arunagw/omniauth-twitter'
Specifying Multi-strategies
Because OmniAuth is built for multi-provider authentication, you need to run multiple strategies. For this, the built-in OmniAuth::Builder
class gives you an easy way to specify multiple strategies. Note that there is no difference between the following code and using each strategy individually as middleware. This is an example that you might put into a Rails initializer at config/initializers/omniauth.rb
:
Rails.application.config.middleware.use OmniAuth::Builder do provider :developer unless Rails.env.production? provider :twitter, ENV['TWITTER_KEY'], ENV['TWITTER_SECRET'] end
Where "TWITTER_KEY"
and "TWITTER_SECRET"
is the appropriate values you obtained here.
Integrating OmniAuth into Rails Application
OmniAuth is an extremely low-touch library. It is designed to be a black box that you can send your application's users into when you need authentication and then get information back. OmniAuth was intentionally built not to automatically associate with a User model or make assumptions about how many authentication methods you might want to use or what you might want to do with the data once a user has authenticated. This makes OmniAuth incredibly flexible. To use OmniAuth, you need only to redirect users to /auth/:provider
, where :provider
is the name of the strategy (for example, developer
or twitter
). From there, OmniAuth will take over and take the user through the necessary steps to authenticate them with the chosen strategy.
Once the user has authenticated, what do you do next? OmniAuth simply sets a special hash called the Authentication Hash on the Rack environment of a request to /auth/:provider/callback
. This hash contains as much information about the user as OmniAuth was able to glean from the utilized strategy. You should set up an endpoint in your application that matches to the callback URL and then performs whatever steps are necessary for your application. For example, in a Rails app I would add a line in my routes.rb
file like this:
Other Examples
References
<references/>