omniauth / omniauth Goto Github PK

The ruby-openid-apps-discovery adds Google apps-specific functionality to the OpenID discovery process. Unfortunately it adds it first, so all OpenID requests query Google first, then continue through the normal discovery process, regardless of the host of a given domain.

If "require 'gapps_openid'" is moved to strategy/google_apps the Google App strategy won't happen when the OmniAuth's Google App strategy isn't used. However, once it is required, it pollutes all OpenID discovery, not just Google Apps.

Here's an example of a patch that tries regular discovery first, and the Google-specific discovery second. The idea is that if a uri is hosting an OpenIDs, Google shouldn't have the opportunity to override that. It looks like it should work, but I don't have a Google Apps account to verify.
http://github.com/samsm/omniauth/tree/less-obtrusive-gapps

See http://groups.google.com/group/37signals-api/browse_thread/thread/86b0da52134c1b7e

Right now the request_phase completely ignores the application. Numerous people have requested the ability for runtime configuration of providers, and there's no way to do this when the app isn't involved in the mix. I'm proposing calling the app and handling a few different things, including runtime configuration or optionally preventing the authentication flow through some means (for instance, if an app doesn't want logged in users to try to log in again).

Need some more thought on implementation, but this is a definite win for making it more flexible.

• OmniAuth::ActiveModel::LoadUser - if the 'auth' Hash exists, load a User (class configurable) via Credential.where(:provider => provider, :uid => uid).user.
• OmniAuth::ActiveModel::AddCredentialToUser - if signed in and the 'auth' Hash exists, add the Credential (class configurable) to the signed in User's #credentials.
• OmniAuth::ActiveModel::CreateUserFromCredential - if not signed in and the 'auth' Hash exists and no corresponding User is found, create a new one from the Credential.
• OmniAuth::ActiveModel::DoItForMe - all three of the above, in order

OmniAuth::Strategies::OpenID#get_identifier currently does this:

response = app.call(env)

Unless I'm misunderstanding something, shouldn't it do the same thing as #start, i.e. the following?

openid = Rack::OpenID.new(dummy_app, @store)
response = openid.call(env)

Instead, use a Rake task that generates the gemspec files for each gem.

Hi,

http://gist.github.com/525907 is a working Google OAuth strategy, but requires a monkeypatch to pass the required scope parameter when getting the request token. Google will not be your friend if you don't pass it.

Since we're trying to make this as simple and standard as possible, we should mimic a Portable Contacts response for identifying information rather than the proprietary schema used now.

http://rdoc.info/projects/intridea/omni_auth
http://rdoc.info/projects/intridea/omniauth

• CAS
• LDAP username and password

Just stumbled upon this: http://portablecontacts.net/draft-spec.html
Any opinions?

A mixin that provides current_user and current_user=, integrated with OmniAuth::ActiveModel::LoadUser.

Rack 1.2 is out. OmniAuth currently depends on rack ~> 1.1, which excludes 1.2. Complex dependency requirements like ">= 1.1, < 2" aren't allowed, so what should we use? ">= 1.1" will work for now, but might fail if Rack breaks something we rely on in a later version.

Today omniauth passes two arguments to config.on_failure:

http://github.com/intridea/omniauth/blob/master/oa-core/lib/omniauth/strategy.rb#L89

It would be nice if we only passed the env hash, then conforming to the Rack API. The message_key could be stored in the env hash as well.

See http://groups.google.com/group/37signals-api/browse_thread/thread/86b0da52134c1b7e

According to the Rack spec:

The prefix rack. is reserved for use with the Rack core distribution and other accepted specifications and must not be used otherwise.

Omniauth should use its own namespace (proposal: omniauth.auth rather than rack.auth).

Seems like a worthwhile addition :-)

Not a whole lot of details, just this error message and a few references to Rails middleware rescue templates:

invalid value for Integer(): ":"

Rails 3.0.1, Ruby 1.9.2

Trying to install omniauth from GIT and I get through bundle install:

Bundler could not find compatible versions for gem "faraday":
In Gemfile:
omniauth depends on
faraday (~> 0.4.1)

twitter depends on
  faraday (0.5.1)

It seems there it is incompatible with the Twitter gem. Why is Omniauth still using an older version of Faraday? Is there any reason for this?

There are a few pull requests and issues regarding strategies that don't fit into any of the existing gem buckets. I'm proposing an oa-more gem that will handle those.

http://github.com/intridea/omniauth/blob/master/oa-oauth/lib/omniauth/strategies/oauth.rb#L27

In the oauth strategy, the user is being attached to the request params rather than env['rack.auth']

I just started to migrate a Rails 3 app to OmniAuth from Devise. I would like to use Twitter and Facebook as an authentication provider.

If I navigate to /auth/twitter my app fail. The error message is this:
omniauth/strategies/oauth.rb: in request_phase, line 17

My config.ru file:
require ::File.expand_path('../config/environment', FILE)
use OmniAuth::Builder do
provider :twitter, 'xy', 'xy'
provider :facebook, '', ''
end

I test it on localhost, I know it won't fire the callback, but I think it should redirect me to Twitter without any hassle. What can go wrong?

Thanks!

The current oauth strategy always assume a code was returned back from the client, which is not always true. According to oauth specs, Omniauth should check if params[:error] was sent as well. You may also want to check for params[:error_reason], which is not in the specs but is what facebook returns currently.

Here is some excerpt from Devise Oauth2:

http://github.com/plataformatec/devise/blob/master/lib/devise/oauth/internal_helpers.rb#L86

Passing a :scope to the provider method does not actually override the default scope being passed. I had to monkeypatch around it.

module OmniAuth
  module Strategies
    class Facebook
      def request_phase(options = {})
        options[:scope] ||= "email,offline_access,publish_stream"
        super(options)
      end
    end
  end
end

I have been getting issues installing 0.0.3 successfully. The recent commits seem to fix some of these issues, it would be nice if we could get this gem pushed out soon? thanks.

http://msdn.microsoft.com/en-us/library/bb676633.aspx
http://msdn.microsoft.com/en-us/library/bb676626.aspx
http://msdn.microsoft.com/en-us/library/bb676634.aspx (ruby impl.)

In oa-openid-0.1.4, the OpenID Strategy instantiation deletes :name from the options hash (lib/omniauth/strategies OpenID#initialize(): line 27). From the 2nd time on, the default name is used as opposed to the user-specified name. This causes the auth/#{name} path to change after the first time it is used. For example, if I set :name => :google, when I point the browser to auth/google, everything works fine. If I refresh the same url, the route is not recognized. But the default auth/google_apps works this time. In v0.1.3, the :name option is not deleted. Is there a reason the :name option is deleted?

Use VCR to record a Basecamp login then test against it.

Could a license file be included with OmniAuth?

Ideally it would be nice if you could configure separate paths for different actions.
Setting your own custom authorize/callback and failure paths could make it easier to integrate into existing applications. This mainly applies for failures though.

Clients of OmniAuth should be able to use any JSON library they want. Depend on multi_json instead of json directly.

I'm using Omniauth 0.1.2 with Ruby 1.9.2 and Rails 3.0.0. When accessing /auth/open_id I get a form requesting me to fill in my OpenID. After logging in to my OpenID provider I'm redirected to /auth/open_id/callback with the following error.

ArgumentError (wrong number of arguments (0 for 1)):
oa-openid (0.1.2) lib/omniauth/strategies/open_id.rb:88:in `auth_hash'
oa-core (0.1.2) lib/omniauth/strategy.rb:42:in `callback_phase'
oa-openid (0.1.2) lib/omniauth/strategies/open_id.rb:82:in `callback_phase'
oa-core (0.1.2) lib/omniauth/strategy.rb:27:in `call!'
...

Looking into it, it appears the OpenID strategy overrides the auth_hash method and adds an argument to it. It looks like this argument isn't being passed in the callback_phase method.

Maybe pass in the response arg some other way so all strategies behave similarly and don't require different arguments?

Using Omniauth 0.1.2 with Ruby 1.9.2 and Rails 3, when I access /auth/open_id and include "http://" as part of my open id identifier (like "http://ryanbates.myopenid.com"), WEBrick will raise a WEBrick::HTTPStatus::RequestURITooLarge error. The URL includes /auth/open_id/callback with many parameters.

I don't know if this is just a limitation of WEBrick, but it would be nice if this gem generated shorter urls so this wasn't a problem.

When I try to install the omniauth gem I get the following error:
ERROR: Error installing omniauth:
oa-basic requires restclient (>= 0, runtime)

This is even though I have verified that I do have the restclient gem installed.

If I at one point add the provider :open_id option and later remove it, I will get this error when visiting my application.

ActionDispatch::Session::SessionRestoreError

Session contains objects whose class definition isn't available.
Remember to require the classes for all objects kept in the session.
(Original exception: uninitialized constant OpenID [NameError])

Looks like it's storing an OpenID object directly in the session. Perhaps it can be stored as a hash or something more primitive so this isn't a problem?

:path_prefix should be an option given to each strategy instead.

Before calling on_failure, we could store the strategy in the env hash:

env["omniauth.failed_strategy"] = self

This would be useful if we need access to the strategy data in the hook.

The rack-openid project doesn't yet support this parameter. Once it does, the OpenID strategy should use that as the name of the form input so browsers will autocomplete properly.

Facebook sends only "error_reason" when an error happens. So this line:

http://github.com/intridea/omniauth/blob/master/oa-oauth/lib/omniauth/strategies/oauth2.rb#L53

Should be something like:

if request.params["error"] || request.params["error_reason"]

Use the following, from Railscasts 68

/* embeds the openid image in the text field */
input#openid_url {
  background: url(http://openid.net/login-bg.gif) no-repeat;
  background-color: #fff;
  background-position: 0 50%;
  color: # 000; /* there shouldn't be a space before the 0, but GitHub's parser tries to turn it into an issue link */
  padding-left: 18px;
}

If would be nice to support multiple open_id providers at once, such as:

provider :open_id, nil, :name => 'google', :identifier => 'https://www.google.com/accounts/o8/id'
provider :open_id, nil, :name => 'yahoo', :identifier => 'https://me.yahoo.com/inviite'

As it stands now, if I declare both - only the first one (google) actually functions from /auth/open_id. /auth/google does not work

I try to use this gem in Rails, but I don't know which is the best way to integrate. Maybe a wrapper plugin for Rails will be nice. I read in the roadmap that there's a plan to build a Rails3 engine, but I think that it'll be great to have support for Rails 2.3.x.

Gemfile
gem 'omniauth', :git => 'http://github.com/intridea/omniauth.git'
gem 'rails', '2.3.5'
bundle
Bundler could not find compatible versions for gem "rack":
In Gemfile:
omniauth depends on
rack (~> 1.1)

  rails (= 2.3.5) depends on
    rack (1.0.1)

#user_info should delete keys, not fetch them, so they're not duplicated between user_info and extra Hashes.

Create a simple Rack app that requires password authentication and test against it.

Use VCR to record a Campfire login then test against it.

Something along these lines is ok:

def initialize(app, name, *args)
  @app = app
  @name = name.to_sym
  yield self if block_given?
end

Michael mentioned an interested on having blocks being executed on each request. We can likely achieve that using a small builder:

use Twitter do |strategy|
  # This is Devise use case. Read/write a value on initialization.
  strategy.client = Faraday::Connection.new

  # This is on request use case.
  strategy.on_request { |env| # do something }
end

on_request would simply be a method in the strategy that stores the lambda.