omniauth / omniauth
OmniAuth is a flexible authentication system utilizing Rack middleware.
License: MIT License
The ruby-openid-apps-discovery adds Google apps-specific functionality to the OpenID discovery process. Unfortunately it adds it first, so all OpenID requests query Google first, then continue through the normal discovery process, regardless of the host of a given domain.
If "require 'gapps_openid'" is moved to strategy/google_apps the Google App strategy won't happen when the OmniAuth's Google App strategy isn't used. However, once it is required, it pollutes all OpenID discovery, not just Google Apps.
Here's an example of a patch that tries regular discovery first, and the Google-specific discovery second. The idea is that if a uri is hosting an OpenID, Google shouldn't have the opportunity to override that. It looks like it should work, but I don't have a Google Apps account to verify.
http://github.com/samsm/omniauth/tree/less-obtrusive-gapps
Right now the request_phase completely ignores the application. Numerous people have requested the ability for runtime configuration of providers, and there's no way to do this when the app isn't involved in the mix. I'm proposing calling the app and handling a few different things, including runtime configuration or optionally preventing the authentication flow through some means (for instance, if an app doesn't want logged in users to try to log in again).
Need some more thought on implementation, but this is a definite win for making it more flexible.
OmniAuth::ActiveModel::LoadUser - if the 'auth' Hash exists, load a User (class configurable) via Credential.where(:provider => provider, :uid => uid).user.
OmniAuth::ActiveModel::AddCredentialToUser - if signed in and the 'auth' Hash exists, add the Credential (class configurable) to the signed in User's #credentials.
OmniAuth::ActiveModel::CreateUserFromCredential - if not signed in and the 'auth' Hash exists and no corresponding User is found, create a new one from the Credential.
OmniAuth::ActiveModel::DoItForMe - all three of the above, in order
OmniAuth::Strategies::OpenID#get_identifier currently does this:
    response = app.call(env)
Unless I'm misunderstanding something, shouldn't it do the same thing as #start, i.e. the following?
    openid = Rack::OpenID.new(dummy_app, @store)
    response = openid.call(env)
Instead, use a Rake task that generates the gemspec files for each gem.
Hi,
http://gist.github.com/525907 is a working Google OAuth strategy, but requires a monkeypatch to pass the required scope parameter when getting the request token. Google will not be your friend if you don't pass it.
Since we're trying to make this as simple and standard as possible, we should mimic a Portable Contacts response for identifying information rather than the proprietary schema used now.
Just stumbled upon this: http://portablecontacts.net/draft-spec.html
Any opinions?
A mixin that provides current_user and current_user=, integrated with OmniAuth::ActiveModel::LoadUser.
Rack 1.2 is out. OmniAuth currently depends on rack ~> 1.1, which excludes 1.2. Complex dependency requirements like ">= 1.1, < 2" aren't allowed, so what should we use? ">= 1.1" will work for now, but might fail if Rack breaks something we rely on in a later version.
Today omniauth passes two arguments to config.on_failure:
http://github.com/intridea/omniauth/blob/master/oa-core/lib/omniauth/strategy.rb#L89
It would be nice if we only passed the env hash, then conforming to the Rack API. The message_key could be stored in the env hash as well.
According to the Rack spec:
The prefix rack. is reserved for use with the Rack core distribution and other accepted specifications and must not be used otherwise.
Omniauth should use its own namespace (proposal: omniauth.auth rather than rack.auth).
Seems like a worthwhile addition :-)
Not a whole lot of details, just this error message and a few references to Rails middleware rescue templates:
invalid value for Integer(): ":"
Rails 3.0.1, Ruby 1.9.2
Trying to install omniauth from GIT and I get through bundle install:
    Bundler could not find compatible versions for gem "faraday":
      In Gemfile:
        omniauth depends on
          faraday (~> 0.4.1)
        twitter depends on
          faraday (0.5.1)
It seems it is incompatible with the Twitter gem. Why is Omniauth still using an older version of Faraday? Is there any reason for this?
There are a few pull requests and issues regarding strategies that don't fit into any of the existing gem buckets. I'm proposing an oa-more gem that will handle those.
http://github.com/intridea/omniauth/blob/master/oa-oauth/lib/omniauth/strategies/oauth.rb#L27
In the oauth strategy, the user is being attached to the request params rather than env['rack.auth']
I just started to migrate a Rails 3 app to OmniAuth from Devise. I would like to use Twitter and Facebook as an authentication provider.
If I navigate to /auth/twitter my app fails. The error message is this:
omniauth/strategies/oauth.rb: in request_phase, line 17
My config.ru file:
    require ::File.expand_path('../config/environment', __FILE__)
    use OmniAuth::Builder do
      provider :twitter, 'xy', 'xy'
      provider :facebook, '', ''
    end
I test it on localhost, I know it won't fire the callback, but I think it should redirect me to Twitter without any hassle. What can go wrong?
Thanks!
The current oauth strategy always assumes a code was returned back from the client, which is not always true. According to oauth specs, Omniauth should check if params[:error] was sent as well. You may also want to check for params[:error_reason], which is not in the specs but is what facebook returns currently.
Here is an excerpt from Devise Oauth2:
http://github.com/plataformatec/devise/blob/master/lib/devise/oauth/internal_helpers.rb#L86
Passing a :scope to the provider method does not actually override the default scope being passed. I had to monkeypatch around it.
    module OmniAuth
      module Strategies
        class Facebook
          def request_phase(options = {})
            options[:scope] ||= "email,offline_access,publish_stream"
            super(options)
          end
        end
      end
    end
I have been getting issues installing 0.0.3 successfully. The recent commits seem to fix some of these issues, it would be nice if we could get this gem pushed out soon? thanks.
In oa-openid-0.1.4, the OpenID Strategy instantiation deletes :name from the options hash (lib/omniauth/strategies OpenID#initialize(): line 27). From the 2nd time on, the default name is used as opposed to the user-specified name. This causes the auth/#{name} path to change after the first time it is used. For example, if I set :name => :google, when I point the browser to auth/google, everything works fine. If I refresh the same url, the route is not recognized. But the default auth/google_apps works this time. In v0.1.3, the :name option is not deleted. Is there a reason the :name option is deleted?
Use VCR to record a Basecamp login then test against it.
Could a license file be included with OmniAuth?
Ideally it would be nice if you could configure separate paths for different actions.
Setting your own custom authorize/callback and failure paths could make it easier to integrate into existing applications. This mainly applies for failures though.
Clients of OmniAuth should be able to use any JSON library they want. Depend on multi_json instead of json directly.
I'm using Omniauth 0.1.2 with Ruby 1.9.2 and Rails 3.0.0. When accessing /auth/open_id I get a form requesting me to fill in my OpenID. After logging in to my OpenID provider I'm redirected to /auth/open_id/callback with the following error.
    ArgumentError (wrong number of arguments (0 for 1)):
      oa-openid (0.1.2) lib/omniauth/strategies/open_id.rb:88:in `auth_hash'
      oa-core (0.1.2) lib/omniauth/strategy.rb:42:in `callback_phase'
      oa-openid (0.1.2) lib/omniauth/strategies/open_id.rb:82:in `callback_phase'
      oa-core (0.1.2) lib/omniauth/strategy.rb:27:in `call!'
      ...
Looking into it, it appears the OpenID strategy overrides the auth_hash method and adds an argument to it. It looks like this argument isn't being passed in the callback_phase method.
Maybe pass in the response arg some other way so all strategies behave similarly and don't require different arguments?
Using Omniauth 0.1.2 with Ruby 1.9.2 and Rails 3, when I access /auth/open_id and include "http://" as part of my open id identifier (like "http://ryanbates.myopenid.com"), WEBrick will raise a WEBrick::HTTPStatus::RequestURITooLarge error. The URL includes /auth/open_id/callback with many parameters.
I don't know if this is just a limitation of WEBrick, but it would be nice if this gem generated shorter urls so this wasn't a problem.
When I try to install the omniauth gem I get the following error:
ERROR: Error installing omniauth:
oa-basic requires restclient (>= 0, runtime)
This is even though I have verified that I do have the restclient gem installed.
If I at one point add the provider :open_id option and later remove it, I will get this error when visiting my application.
ActionDispatch::Session::SessionRestoreError Session contains objects whose class definition isn't available. Remember to require the classes for all objects kept in the session. (Original exception: uninitialized constant OpenID [NameError])
Looks like it's storing an OpenID object directly in the session. Perhaps it can be stored as a hash or something more primitive so this isn't a problem?
:path_prefix should be an option given to each strategy instead.
Before calling on_failure, we could store the strategy in the env hash:
env["omniauth.failed_strategy"] = self
This would be useful if we need access to the strategy data in the hook.
The rack-openid project doesn't yet support this parameter. Once it does, the OpenID strategy should use that as the name of the form input so browsers will autocomplete properly.
Facebook sends only "error_reason" when an error happens. So this line:
http://github.com/intridea/omniauth/blob/master/oa-oauth/lib/omniauth/strategies/oauth2.rb#L53
Should be something like:
if request.params["error"] || request.params["error_reason"]
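The callback checks requested in the two OAuth error reports above, as an added example (not OmniAuth's code and not part of any of the original issues): it rejects a callback that carries `error` or `error_reason`, or that lacks `code`, before any token exchange would run. `CallbackGuard`, `handle_callback`, the `omniauth.error` and `omniauth.code` env keys and the `/auth/failure` path are hypothetical names, and the sample query strings in the usage are constructed.

```ruby
require 'uri'

# Hypothetical stand-in for an OAuth2 strategy's callback phase.
class CallbackGuard
  # "error" is the spec-defined key; "error_reason" is what the issues report Facebook sending.
  ERROR_KEYS = %w[error error_reason].freeze

  def initialize(on_failure)
    @on_failure = on_failure # hook that receives only the Rack env
  end

  def call(env)
    params = URI.decode_www_form(env['QUERY_STRING'].to_s).to_h
    key = ERROR_KEYS.find { |k| !params[k].to_s.empty? }
    return fail!(env, params[key]) if key
    # No error reported, but no authorization code either: still a failure.
    return fail!(env, 'missing_code') if params['code'].to_s.empty?

    env['omniauth.code'] = params['code'] # token exchange would follow here
    [200, { 'Content-Type' => 'text/plain' }, ['ok']]
  end

  private

  def fail!(env, message)
    # The value comes from the query string, so accept only a short
    # lowercase token before it is reused in a redirect or a log line.
    env['omniauth.error'] = message.to_s[/\A[a-z_]{1,40}\z/] || 'invalid_response'
    @on_failure.call(env)
  end
end

# Failure hook that takes the env hash alone and redirects with the stored key.
FAILURE = lambda do |env|
  [302, { 'Location' => "/auth/failure?message=#{env['omniauth.error']}" }, []]
end

# Runs one constructed callback query string through the guard.
def handle_callback(query)
  CallbackGuard.new(FAILURE).call('QUERY_STRING' => query)
end
```

The error value is attacker-controllable input on the callback URL, which is why it is reduced to a fixed token shape instead of being echoed back as received.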
Use the following, from Railscasts 68
    /* embeds the openid image in the text field */
    input#openid_url {
      background: url(http://openid.net/login-bg.gif) no-repeat;
      background-color: #fff;
      background-position: 0 50%;
      color: # 000; /* there shouldn't be a space before the 0, but GitHub's parser tries to turn it into an issue link */
      padding-left: 18px;
    }
It would be nice to support multiple open_id providers at once, such as:
provider :open_id, nil, :name => 'google', :identifier => 'https://www.google.com/accounts/o8/id'
provider :open_id, nil, :name => 'yahoo', :identifier => 'https://me.yahoo.com/inviite'
As it stands now, if I declare both - only the first one (google) actually functions from /auth/open_id. /auth/google does not work
I try to use this gem in Rails, but I don't know which is the best way to integrate. Maybe a wrapper plugin for Rails will be nice. I read in the roadmap that there's a plan to build a Rails3 engine, but I think that it'll be great to have support for Rails 2.3.x.
Gemfile
    gem 'omniauth', :git => 'http://github.com/intridea/omniauth.git'
    gem 'rails', '2.3.5'
bundle
    Bundler could not find compatible versions for gem "rack":
      In Gemfile:
        omniauth depends on
          rack (~> 1.1)
        rails (= 2.3.5) depends on
          rack (1.0.1)
#user_info should delete keys, not fetch them, so they're not duplicated between user_info and extra Hashes.
Create a simple Rack app that requires password authentication and test against it.
Use VCR to record a Campfire login then test against it.
Something along these lines is ok:
    def initialize(app, name, *args)
      @app = app
      @name = name.to_sym
      yield self if block_given?
    end
Michael mentioned an interest in having blocks executed on each request. We can likely achieve that using a small builder:
    use Twitter do |strategy|
      # This is Devise use case. Read/write a value on initialization.
      strategy.client = Faraday::Connection.new
      # This is on request use case.
      strategy.on_request do |env|
        # do something
      end
    end
on_request would simply be a method in the strategy that stores the lambda.