I've just updated Omniauth from 0.2.6 to 1.1.1 in order to use the developer strategy. I've made my login link point to /auth/developer if the environment is development and /auth/facebook if production.
The Facebook strategy still works. When using the developer strategy, the link goes to the built-in Omniauth sign in page but returns a 404 when clicking sign in. This model does not use Devise.
Routes file
get "/auth/:provider/callback" => "sessions#create"
.
.
.
get '*a', :to => 'errors#routing'
Omniauth initializer
Rails.application.config.middleware.use OmniAuth::Builder do
provider :facebook, [etc.]
provider :developer if Rails.env.development?
end
Log
Started GET "/auth/developer" for 127.0.0.1 at 2012-12-19 16:23:04 +0200
Started POST "/auth/developer/callback" for 127.0.0.1 at 2012-12-19 16:23:10 +0200
ActionController::RoutingError (No route matches "/auth/developer/callback")
Ran into this today in a new rails 4 application, I'm currently using this route as a workaround:
match '/auth/:provider/callback', to: "sessions#create", via: [:get, :post]
Related
This gem ("devise_token_auth") is used for token authentication for applications using JSON APIs for front-end development.
Can we use this gem for server side rendering? If yes, then how to add the token from a previous response to the current request?
I don't know if this is still a pressing matter for you, but I'd like to throw in some advice.
For your API you can throw in devise_token_auth and it will do what everything you need for authentication there.
And if you need authentication with server-side rendering of pages (such as login forms, reset password forms, etc.) just throw in regular devise too. It will work with your exact same User model and table, and there will be little friction to get things up and running with the same resources you use with devise_token_auth.
Gemfile
#autentication and authorization
gem 'devise', '~> 3.5', '>= 3.5.6'
gem 'devise_token_auth', '0.1.37'
Then run
bundle
Run the installer for devise:
rails generate devise:install
Then generate your user model:
rails generate devise User
Install devise_token_auth now:
rails g devise_token_auth:install User "auth"
And make sure your database is migrated:
rake db:migrate
I think devise_token_auth may overwrite your user model, I'm not certain, but if it does, keep the migrations for devise_token_auth only and ignore the migrations for Devise.
Then make sure your routes.rb matches this:
Rails.application.routes.draw do
devise_for :users
root "home#index"
namespace :api, defaults: { format: :json } do
namespace :v1 do #I namespace my routes
mount_devise_token_auth_for "User", at: "auth"
end
end
end
devise_for must come before mount_devise_token_auth.
Then just refer to the official devise and devise token auth documentation to get both solutions working for you.
Hope this helps anyone who reaches this point and has a need to authenticate users on mobile app and on browser web app.
I want to login using twiter app for that i used gem 'omniauth-twitter' now please tell me whats app url in twitter when i want to use localhost:3000 i gave http://0.0.0.0:3000 as url
and in call back url my index page
like
localhost:3000/index
my app not able to redirect to twiiter page on click on this link
http://localhost:3000/auth/twitter
please some body help me .....
For the callback URL use http://127.0.0.1:3000 as base and specify the route to the controller that deals with omniauth information.
Example: http://127.0.0.1:3000/auth/twitter/callback
I'm also using twitter-omniauth for signing people up with twitter... these are the routes I'm using in routes.rb, relating to twitter-omniaouth:
match '/auth/twitter/callback' => 'sessions#create'
match '/signin' => 'sessions#new', :as => :signin
match '/signout' => 'sessions#destroy', :as => :signout
match '/auth/failure' => 'sessions#failure'
Hope it helps?
I have a Rails 3.2 app with Devise for authenticating users.
On local development mode, the Sign-out link is not working. It redirects me to home page instead of showing Sign-in page and the session is not destroyed. But on Heroku, clicking on Sign-out link properly logs me out and shows me the Sign-in page destroying the user session.
In application .haml layout page, the link to Sign-out page is:
= link_to "Sign Out", destroy_user_session_path, :method => :delete
Related routes:
devise_for :users, :controllers => { :sessions => 'sessions' }
new_user_session GET /users/sign_in(.:format) sessions#new
user_session POST /users/sign_in(.:format) sessions#create
destroy_user_session DELETE /users/sign_out(.:format) sessions#destroy
I have inherited the Devise::SessionsController to SessionsController in my app as below:
class SessionsController < Devise::SessionsController
layout 'devise_layout'
end
Now the weird case is that, after the session is expired which is default 30 minutes, I log in again and click on Sign-out link, it redirects me back to Sign-in page.
All works fine on Heroku, it fails on local. I am unable to figure it out what is happening on local.
I don't think I am doing anything wrong here because same is deployed to Heroku and is working fine there. What's wrong with development mode on local?
Oops...answering late.
Anyway, I was able to figure out the issue. Actually the app is subdomain based. So I used lvh.me:3000 for testing on local as localhost:3000 doesnt support subdomain.
The workaround is to set subdomain as "lvh.me" in session_store.rb.
domain: 'lvh.me'
This is the tutorial I followed. Scroll down to the Google open-id integration:
https://github.com/plataformatec/devise/wiki/OmniAuth:-Overview
On the server I get the following rejection message after clicking the login with google link:
WARNING: making https request to https://www.google.com/accounts/o8/id without verifying server certificate; no CA path was specified.
processing by users omniauthcallbackscontroller failure as html
EDIT the following two lines fixed the CA path Warning but did nothing to fix the failure as html problem or move me forward
require "openid/fetchers"
OpenID.fetcher.ca_file = "/etc/ssl/certs/ca-certificates.crt"
It then re-routes me to users/sign_in.
My devise config line looks like this:
config.omniauth :open_id, :store => OpenID::Store::Filesystem.new('/tmp'), :name => 'google', :identifier => 'https://www.google.com/acounts/o8/id', :require => 'omniauth-openid'
My research tells me that I'm probably hitting the openID servers but that I'm getting rejected. Is there anyway to get more info from some sort of rejection notice? What could be wrong with my request?
One thing I thought of was credentials for open ID but I didn't see anywhere in the tutorial where I was supposed to get or enter any credentials.
Try to specify the ca_path:
config.omniauth :open_id, :store => OpenID::Store::Filesystem.new('/tmp'),
:name => 'google',
:identifier => 'https://www.google.com/acounts/o8/id',
:require => 'omniauth-openid',
:client_options => {:ssl => {:ca_path => '/etc/ssl/certs'}}
And see if it works.
I am trying to split my current Ruby on Rails 3 web-application and it's web-services (API). My web-application is running on Heroku and implements API as a namespaced route within my application. For example /events returns a HTML page and /api/v1/events returns a JSON data.
According to some best practices, I want to split those into two different applications. I have chosen Sinatra to implement the API application. It works now for simple requests where authentication is not required.
My Ruby on Rails 3 application is using Devise to authenticate users. There's also ability to login with Facebook account. Now what I want to achieve, is HTTP Basic Authentication of users (including registration) through my Sinatra-based API by using Warden.
What is the best way to do that? Or maybe I can use something different then Warden?
Keep in mind that I am not very familiar with Rack :)
I was able to get it working. There were a few main aspects:
Get Devise working with Rails (Devise is a Rails app, won't work
without it)
Setup the mapping (route) on Rack level to support both Rails and Sinatra
Share the sessions between Rails and Sinatra
Setup Warden and make it available to Sinatra
Here is most relevant part of code from /config.ru:
#
# ...
# Rest with Rails
map "/" do
run MyApp::Application
end
# Anything urls starting with /slim will go to Sinatra
map "/slim" do
# make sure :key and :secret be in-sync with initializers/secret_store.rb initializers/secret_token.rb
use Rack::Session::Cookie, :key => '<< see, initializers/secret_store.rb >>', :secret => '<< copy from initializers/secret_token.rb >>'
# Point Warden to the Sinatra App
use Warden::Manager do |manager|
manager.failure_app = AppMain
manager.default_scope = Devise.default_scope
end
# Borrowed from https://gist.github.com/217362
Warden::Manager.before_failure do |env, opts|
env['REQUEST_METHOD'] = "POST"
end
run AppMain
end
See, http://labnote.beedesk.com/sinatra-warden-rails-devise for a complete solution.