I'm using Devise 2.1.2 with multiple OmniAuth providers. My devise.rb file contains this line:
config.omniauth :linkedin, API_KEY, SECRET_KEY, :scope => 'r_emailaddress', :fields => ["email-address"]
It is currently stripped down to just email-address since that is the only thing acting strange. Taking a look inside request.env['omniauth.auth'].info, the email key is blank.
How come? I don't want to bypass validation, I wan't to use the email address from the users LinkedIn account.
Thanks to the thread link in Remus Rusanu's answer, I noticed this post by a LinkedIn employee:
Hey guys, we're working on a migration plan for existing applications. The new member permissions only apply to newly registered applications.
Thanks!
Kamyar
Due to no patience, creating a new LinkedIn application allowed me to retrieve the user email address. How nice that they finally changed their mind about this.
Given that LinkedIn as a matter of policy does not share the email over oauth, I'm not at all surprised.
Related
I have tried to understand the whole OAuth concept but am failing to be able to progress my application. Lets start with some info about what I want to do:
Firstly, I am writing a blog application in Codeigniter, for myself. On this blog, I want to present some of my shared data from around the web, such as tweets, flickr, 500px photos, sound cloud tracks etc. I am starting with Twitter. I know I can use twitter appltes etc, but I want to this all in native code so that I can understand the whole OAuth process.
Secondly, All of the data on twitter, 500px etc is mine - no one will log into my blog, and therefore I am not interested in "sign in with twitter" type stuff.
Thirdly, I have registered my app with Twitter, and have the Consumer Key, Consumer Secret, an Access Token and an Access Token secret.
Now this is where I think I am going wrong. Lets say I want to grab my own timeline. The twitter API says this needs to be authenticated. Can I not just pass my two keys, and my Access Token to retrieve my timeline.
I have tried all sort of things and keep getting an error of:
{"errors":[{"message":"Invalid or expired token","code":89}]}
I know my access token is correct as I can see it in my twitter api panel.
If I make this call, which I know does not need authentication, it brings back my user details just fine:
$user = $this->rest->get('http://twitter.com/users/show', array('screen_name' => 'jamesstoddern'));
However, if I try to connect to my timeline with something like this, it fails with the error stated above.
$authArray = array(
'consumer_key' => 'MY KEY HERE',
'consumer_secret' => 'MY SECRET HERE',
'username' => 'jamesstoddern',
'access_token' => 'MY ACCESS TOKEN HERE'
);
$timeline = $this->rest->get('https://api.twitter.com/1/statuses/home_timeline.json', $authArray);
I am obviously doing something wrong, but all of the examples I find seem to be about authenticating other users with a "Sign in with twitter" button, and not about just authenticating your own application silently.
I would be so greatful if someone could give me some pointers or an example that does just what I want it to do.
I am using Codeigniter, and have tried Phils Sturgeons OAuth spark but cannot find suffient examples to help me out. I really find all of this a struggle.
Please can someone explain the steps I need to take to authenticate my own application silently so that I can make calls to my own twitter resources. Once I understand this concept, I should be able to apply the same logic and understanding to connect to my 500px photos for example. I do not want to use twitter specific code and want to make all of this as generic as possible so that I can connect to any API in theory.
Thanks all and sorry for such a long winded question!
James
I know this question is quite old but maybe I can help. I found this guide really helpful which explains the steps you need to take to authorize a request. I have also created a CodeIgniter library for using the Twitter API. It may be work getting a copy of it and looking through to code to see how its done.
I am using omniauth with LinkedIn as a provider. LinkedIn doesn't supply
an email in info hash, so i cannot provide an email when create the user based
on the information I get back.
Two related questions:
1) How can I adjust devise so that there isn't a requirement
for :email as a validation? It doesn't appear to be set under the
User model.
2) I do want to get the email information, however, so want to have
email information requested before creating the User. How can I
redirect to a page/wizard asking for email information and then come
back to finish the user registration?
I just solved this without needing to use the separate 'linkedin' gem, it was pretty difficult as there was a distinct lack of documentation on the subject!
Firstly you need to make the email-address available by adding the fields option to your LinkedIn Omniauth configuration, you will also need to override the request_token_path in order to add the r_emailaddress scope required to retrieve a users email address.
Mine ended up looking something like this (NB. Ruby 1.9.3):
provider :linkedin, external_services['linkedin']['api_key'], external_services['linkedin']['api_secret'], client_options: {request_token_path: '/uas/oauth/requestToken?scope=r_emailaddress'}, fields: ['id', 'first-name', 'last-name', 'headline', 'industry', 'picture-url', 'public-profile-url', 'email-address']
NOTE: Dont forget to change external_services['linkedin']['api_key'] and external_services['linkedin']['api_secret'] to your own.
Your user will then be asked to authorise use of their email address as well as their basic provide and you will have access to it once they are returned via:
auth['extra']['raw_info']['emailAddress']
I should probably commit this change back to omniauth-linkedin so you can simply set scope: r_emailaddress in the provider options, avoid the duplication of the field names and get the email back in the info section of the auth object.
If I get time after this section of my project is finished I will.
Take a look at the railscasts about omniauth: http://railscasts.com/episodes?utf8=%E2%9C%93&search=omniauth
The idea is the following:
Create a new user from the omniauth info
try to save the user
since the email is not present it won't validate
store the omniauth data in the session and redirect_to new_user_registration_url
create your own registration controller that inheritates from the devise one
override the build_resource(*args) method, and if the omniauth data is present, use it to create the resource (User in your case)
That way, after trying to login with linkedin, the user will be redirected to a form where he will be able to enter his email.
It's all explained in the railscast ;)
I have a twitter app with access level "Read, write, and direct messages"
I am using omniauth-twitter gem along with devise for letting users sign up and log into my site through twitter. All is fine till now.
It would be nice if the user is able to send direct messages to the his/her followers.
To fetch the list of followers I am using twitter gem. Now how do I let the user send the message he wants?
I have tried almost anything but all returns This application is not allowed to access or delete your direct messages error. This has been killing me for the past week
When I do Twitter.verify_credentials there is no error raised and a User object is returned. But when I call Twitter.direct_messages the above errors is raised. Am i missing something obvious here?
Thanks in advance.
Update: When I tried Twitter.direct_message_create() it worked like a charm! Would like to know as to why Twitter.direct_messages didn't work.
Check https://twitter.com/settings/applications to make sure that DM permissions are actually authorized. If not revoke and reauthorize. Make sure the OAuth tokens the account has granted to the app actually include DM access. Sometimes an app will not have DM acces, OAuth tokens will get authorized then DM access gets added to the app settings and the OAuth token for the account doesn't have DM access authorized.
To answer your update question:
Update: When I tried Twitter.direct_message_create() it worked like a
charm. Would like to know as to why Twitter.direct_messages didn't
work.
Twitter.direct_message(id)
Is used to retrieve existing DMs, whereas:
Twitter.direct_message_create(user, text)
is used to send a DM.
See here: http://rubydoc.info/github/jnunemaker/twitter/master/Twitter/Client/DirectMessages
As an update to #auxbuss's answer, the method has been renamed to:
Twitter.create_direct_message(user,text,options={})
The documentation has also moved:
http://rubydoc.info/github/sferik/twitter/master/Twitter/REST/DirectMessages.
I'm creating a new Rails 3 app and I want to allow users to sign-in using their Facebook or Twitter credentials.
I don't know whether I should implement this using Devise and OmniAuth, or just OmniAuth. I just watched Ryan Bate's screencast on Simple OmniAuth and it seems like I could just use OmniAuth, but I'm not sure it's enough.
I have the following requirements:
Allow sign-in via Facebook and/or Twitter. I will not be implementing local user accounts/passwords.
Signing in via FB/Twitter for the first time should create a new user in the db so I can store the associated FB/Twitter oAuth tokens.
Users should be able to associate both a FB and a Twitter acct to their profile/user so they can post to both FB and Twitter.
Users should be able to delete their account.
I posted this on the Devise Google Mailing List and got this response from José Valim (Devise maintainer and Rails core team member):
"You can use just OmniAuth. If you use Devise, the only benefit is that it will add Omniauth url helpers, but that is so minimal that honestly is not worth the overhead."
-- José Valim
Devise is a fancy way to automatically handle all the things that go with user accounts. If you don't need all the bells and whistles, you should definitely just go the Simple OmniAuth way like in the screencast.
The only hitch I see with trying to link up a Facebook and Twitter account is that you'll have to require them to be signed into one in order to link the other -- and if they do happen to sign in on separate occasions, you could possibly have two Users in your database. This wouldn't be a problem if you were doing Google and Facebook because they both send back an email address, but Twitter only sends back a username, no email address.
You'll have to add a field to the User model for a username (Twitter) and email address (Facebook) so you can attempt to link the accounts if a visitor did it separately and wants to link them later. Just be careful of that when you set it up.
If you can't use just OmniAuth, maybe because, like in my case, you want to use ActiveAdmin which depends on Devise and methods like current_user would conflict, you can just override the login page with your own:
match '/users/sign_in', :to => "sessions#new"
devise_for :users, :controllers => { :omniauth_callbacks => "users/omniauth_callbacks" }
I have a "Sign in with Facebook" link in my nav, but this page is necessary for redirecting users when they're trying to access a protected page while not logged in.
Edit: Actually, there is a section on the wiki page: "Using OmniAuth without other authentications"
I'm starting using Devise in my Rails app, but the Token Authenticatable: signs in a user based on an authentication token (also known as "single access token") module puzzles me.
Is the user authenticated only for his current session? If he uses now the URL containing the token, can he re-use it at a later tine and still have access, or does he get a single access?
Can multiple users be authenticated at the same time, using the same token?
I have searched extensively for a working example; please forgive me if this is explained elsewhere.
Any pointers would be more than welcomed. Thanks for your help.
The short answer is: it's up to you.
This module only provides a few
helpers to help you manage the token,
but it is up to you to choose how to
use it. For example, if you want to
have a new token every time the user
saves his account, you can do the
following:
before_save :reset_authentication_token
On the other hand, if you want to
generate token unless one exists, you
should use instead:
before_save :ensure_authentication_token
If you want to delete the token after
it is used, you can do so in the
after_token_authentication callback.
See the documentation for this model at http://rdoc.info/github/plataformatec/devise/master/Devise/Models/TokenAuthenticatable.