I have an app at localhost:4000 and I use the OmniAuth gem for steam authentication using /auth/steam . Is there a way I can make the callback go to localhost:6000?
Related
I am creating an application based on Rails and AngularJS. I would like to implement an authentication system by using gem Devise.
I am wondering how to do it. I read some articles about attribute :token_authenticatable : I will have to put my token at the end of all requests I will send.
I have also read this demo project https://github.com/sectore/CafeTownsend-Angular-Rails
They have implemented a SessionService which can create and delete server session. (I suppose, I can use Devise for this job). In rails controler, they get session[:user_id] to know if user is authenticated or not...
My question : Do I need a token system or a cookies system to authenticated my requests ?
Thanks
If your server will be on the same domain as your client, ie: will only be expecting request from your angular client, and the client is hosted on the same URL as the server, then you should use cookies over ssl (for simplicity), EG:
Your site:
www.myangularsite.com/somepage
Your Server
www.myangularsite.com/someserverfunction
They both have the same domain.
However, if you plan on having your server side on a different URL, maybe as an API, then go with tokens, EG:
Your site:
www.myangularsite.com/somepage
Your Server
api.myangularsite.com/someserverfunction
or
myrubyapi.com/someserverfunction
The URL domain is different.
Im using oauth gem in my rails application.
gem 'omniauth-facebook', '1.4.0'
gem "omniauth-google-oauth2"
Facebook client-side authentication is working properly. I followed,
http://railscasts.com/episodes/360-facebook-authentication
Client-side authentication for google is not working or I couldn't get a handle of it.
I see this coffee script being responsible for facebook client side authentication,
jQuery ->
$('body').prepend('<div id="fb-root"></div>')
$.ajax
url: "#{window.location.protocol}//connect.facebook.net/en_US/all.js"
dataType: 'script'
cache: true
window.fbAsyncInit = ->
FB.init(appId: 145280228983243, cookie: true)
$('#sign_in').click (e) ->
e.preventDefault()
FB.login (response) ->
window.location = '/auth/facebook/callback' if response.authResponse
$('#sign_out').click (e) ->
FB.getLoginStatus (response) ->
FB.logout() if response.authResponse
true
What should i do for google client-side authentication?
I just want when a user clicks on "log in with google" a pop-up window
should appear and ask for user-id and password and before asking, it
should check whether the users information is already available on the
browser(client-side) and if available, dont prompt for the user-id and
password, go ahead and login.
I have the same problem and it seems that omniauth-google-oauth2 doesn't support client-side authentication this way as the facebook gem does.
The omniauth-facebook gem, when building access_token, checks if the signed request is present and if it's valid, then it uses access_token provided by request.params or cookie. Otherwise it queries access_token from Facebook with the provided authorization_code.
The omniauth-google-oauth2 gem does only the second operation and because redirect_uri must be same on the initial and on the verification request, you cannot use the gem's current version this way.
I have found one fork https://github.com/pivotal-geostellar/omniauth-google-oauth2/tree/client_login with the example http://pivotallabs.com/facebook-and-googleplus-javascript-sdk-sign-in-with-devise-ror/ but it's not secure to read access_token from request.params without validating it on the server-side.
update
I found a way to verify access_token by id_token and made a pull request to the gem https://github.com/zquestz/omniauth-google-oauth2/pull/50
I have a weird problem when I try to use door_keeper gem with rails app. The problem occurs when I use Oauth2 gem to get the token. But at the part I have url :
http://0.0.0.0:3000/oauth/authorize?response_type=code&client_id=199f27a02764f1ef1d31c2860b83ef93c0cc3dc26886d2b3d76b8ef1e935f3ae&redirect_uri=http%3A%2F%2F0.0.0.0%3A3000%2Fcallback
it doesn't redirect to the page we authorize and get token but it redirects directly to http://0.0.0.0:3000
what's the problem I have here, it should redirect to application authorize page first, shouldn't it ?
The authorization page requires some user to be logged in. You set up that in the resource_owner_authenticator block and it should look something like this:
resource_owner_authenticator do |routes|
# Put your resource owner authentication logic here.
# If you want to use named routes from your app you need
# to call them on routes object eg.
# routes.new_user_session_path
User.find(session[:user_id]) || routes.new_user_session_path
end
In this case, if the user is not in the session when it tries to access /oauth/authorize, it gets redirected back to new_user_session_path.
Only when the user was found from the session, you'll be able to see the authorization page.
I'm using twitter + devise + omniauth + omniauth-twitter to autheticate users via twitter api. From my site I reach, twitter login. I give my twitter credentials. After that I'm redirected to callback url. But the response says the authetication failed. Is there a way I can identify the reason for authetication failure.
If the authetication is successful, I'll have the information in request.env['omniauth.auth'] . What about when the authetication fails? Is there any similar variable available?
Yes, you can use request.env['omniauth.error'].
Omniauth redirects to "/auth/failure" when the authentication fails and it passes a message parameter with the error. So if you catch that in your routes.rb, then you can log params[:message] in the corresponding controller action to figure out what happened.
I am trying to split my current Ruby on Rails 3 web-application and it's web-services (API). My web-application is running on Heroku and implements API as a namespaced route within my application. For example /events returns a HTML page and /api/v1/events returns a JSON data.
According to some best practices, I want to split those into two different applications. I have chosen Sinatra to implement the API application. It works now for simple requests where authentication is not required.
My Ruby on Rails 3 application is using Devise to authenticate users. There's also ability to login with Facebook account. Now what I want to achieve, is HTTP Basic Authentication of users (including registration) through my Sinatra-based API by using Warden.
What is the best way to do that? Or maybe I can use something different then Warden?
Keep in mind that I am not very familiar with Rack :)
I was able to get it working. There were a few main aspects:
Get Devise working with Rails (Devise is a Rails app, won't work
without it)
Setup the mapping (route) on Rack level to support both Rails and Sinatra
Share the sessions between Rails and Sinatra
Setup Warden and make it available to Sinatra
Here is most relevant part of code from /config.ru:
#
# ...
# Rest with Rails
map "/" do
run MyApp::Application
end
# Anything urls starting with /slim will go to Sinatra
map "/slim" do
# make sure :key and :secret be in-sync with initializers/secret_store.rb initializers/secret_token.rb
use Rack::Session::Cookie, :key => '<< see, initializers/secret_store.rb >>', :secret => '<< copy from initializers/secret_token.rb >>'
# Point Warden to the Sinatra App
use Warden::Manager do |manager|
manager.failure_app = AppMain
manager.default_scope = Devise.default_scope
end
# Borrowed from https://gist.github.com/217362
Warden::Manager.before_failure do |env, opts|
env['REQUEST_METHOD'] = "POST"
end
run AppMain
end
See, http://labnote.beedesk.com/sinatra-warden-rails-devise for a complete solution.