I am not sure if this is a right place to put this question... Sorry for this...
But I am in dispair...
Can somebody help me?

(Originally I asked this question at http://stackoverflow.com/questions/11506734/routing-error-no-route-matches-when-omniauth-failed-on-registration)

I am using omniauth-identity and configure its "fail on registration".

My files:

config/initializers/omniauth.rb

OmniAuth.config.logger = Rails.logger

Rails.application.config.middleware.use OmniAuth::Builder do
  #...
  provider :identity, on_failed_registration: lambda { |env|
    IdentitiesController.action(:new).call(env)
  }
end

config/routes.rb

Wie::Application.routes.draw do
  root to: 'categories#index'

  ActiveAdmin.routes(self)
  devise_for :admin_users, ActiveAdmin::Devise.config

  match 'auth/:provider/callback', to: 'sessions#create'
  match 'auth/failure', to: 'sessions#failure'
  match 'signout', to: 'sessions#destroy', as: 'signout'
  resources :identities#, only: [:new]
  resources :categories, path: '', only: [:index] do
    resources :entries, path: '', only: [:index, :show]
  end
end

app/controllers/identities_controller.rb

class IdentitiesController < ApplicationController
  def new
    ariane.add "New Account"

    @identity = env['omniauth.identity']
  end
end

When I have a failure on registration (passing incorrect mail), I get the following:

in browser:

Routing Error

No route matches {} Try running rake routes for more information on
available routes.

in server log:

Started POST "/auth/identity/register" for 127.0.0.1 at 2012-07-16
17:35:48 +0300 (0.1ms) begin transaction Identity Exists (0.2ms)
SELECT 1 AS one FROM "identities" WHERE "identities"."email" = 'foo'
LIMIT 1 (0.1ms) rollback transaction Processing by
IdentitiesController#new as HTML Parameters: {"utf8"=>"✓",
"authenticity_token"=>"HIDDEN :)>=",
"name"=>"", "email"=>"foo", "password"=>"[FILTERED]",
"password_confirmation"=>"[FILTERED]", "commit"=>"Register"}
Rendered identities/new.html.erb within layouts/application (11.2ms)
Completed 500 Internal Server Error in 44ms

ActionController::RoutingError (No route matches {}):
app/views/layouts/application.html.erb:35:in
_app_views_layouts_application_html_erb___1224394470845933684_70120630781720' config/initializers/omniauth.rb:8:incall'
config/initializers/omniauth.rb:8:in `block (2 levels) in <top
(required)>'

Rendered
/Users/ayia/.rvm/gems/ruby-1.9.3-p125@global/gems/actionpack-3.2.6/lib/action_dispatch/middleware/templates/rescues/routing_error.erb within rescues/layout (0.6ms)

What can be the reason for this? What did I wrong?

UPDATE
What I do not understand is - why I get Started POST "/auth/identity/register"? According to omniauth configuration I should get the view correspondent to the IdentitiesController.action(:new), i.e. /identities/new ...

how can user and customer registration using identity? those 2 has difference registration and session . user to backend application. customer to front end

I noticed by default, if there's a validation error in the registration form, it brings the user back to the form without displaying any error messages as to what went wrong. There is an on_failed_registration option for just this scenario, but it requires you implement a rack endpoint (or Rails controller action) to handle the error and display a form. This takes away from the quick and easy appeal of this gem. It would be much better if the registration form had some validation handling by default.

Since different ORMs can handle validation errors differently, I suggest adding a simple "error_messages" method on the Identity model which simply returns an array of validation errors. Behind the scenes this can do whatever is necessary for that ORM, such as calling "errors.full_messages" in Active Record.

For e.g. existing systems where BCrypt has not been used as the encryption strategy for the persisted password digests, it would be most helpful to be able to specify an alternative to Bcrypt. If I'm not mistaken it would suffice to override the methods authenticate and password= in https://github.com/intridea/omniauth-identity/blob/master/lib/omniauth/identity/secure_password.rb

When using custom login/registration forms (as shown in Railscast 304), the default forms e.g. on "/auth/identity/register" are still being served. It would be nice to add an option with a path to which these routes are redirected.

A hack is described on Stackoverflow, however, it involves monkey patching and might not be the most future proof solution:

http://stackoverflow.com/questions/8854703/override-auth-identity-page-of-omniauth-identity

Another workaround described elsewhere does something like this:

Rails.configuration.middleware.insert_before(Rack::Lock, Rack::Rewrite) do
  rewrite '/auth/identity/register', '/sign_in', method: /get/i
end

This won't work with threadsafe!, though: ".../actionpack-3.2.13/lib/action_dispatch/middleware/stack.rb:120:in 'assert_index': No such middleware to insert before: Rack::Lock (RuntimeError)"

Hi, I am trying to put form validations on omniauth-identity in rails 4. However, it is failing continuously with the following error:

["Password can't be blank",
"Password can't be blank",
"Password is too short (minimum is 8 characters)"]

My validations look like this in identity.rb

validates :name, presence: true, format: { with: Constants::NAME_REGEX }
validates :email, presence: true, format: { with: Constants::EMAIL_REGEX }
validates :password, presence: true, length: { minimum: 8 }

Can you point out the mistake or what I may be doing wrong?

Hi,

If I understand correctly, omniauth-identity is allowing the user to associate an email+password for login. But there is no check to make sure the email actually belongs to that user. They are granted the permission immeadiately.

Now, my worry is with the trend of multi omniauth strategies , say I have well known user [email protected] that logged in via Facebook, but not Identity. Then I come along and I login using his email address and make up a password, won't I get access to his account?

That is based on some of the blogs I read that associate multiple omni auth strategies to the same account via email address.

Let me know,

Peter

I'm attempting to lock out a user if they fail to login after x attempts. It's easy enough to track the failed login attempts, but when the authentication fails, I can't find the auth_key value anywhere in either the request or response, which would be useful.

Omniauth Identity seems to make distinction between capitalization on comparison in the identity table. A valid user with an email stored as [email protected] will fail if the user enters into the login form: [email protected].

Any workaround suggestions work for me...Rails 2 specific please.

I'm using Mongoid and OmniAuth Identity, only requiring email address. The sign-up form is allowing me to create multiple identities with the same email address. I would have expected some sort of error there, saying that email address is already taken. Am I missing something?

The omniauth-identity gem on Rubygems has the same version as the one on Github (1.1.0), but the code is different. A quick reference point: the docs on Github reference a locate_conditions option, whereas the docs on Rubygems do not: http://rubydoc.info/gems/omniauth-identity/1.1.0/frames

For anyone who needs the locate_conditions feature, you can get it by install the gem with this line in your Gemfile:

gem 'omniauth-identity', git: 'https://github.com/intridea/omniauth-identity.git'

I'm receiving a NameError in a sinatra app with datamapper:

Model:

class Identity
  include DataMapper::Resource
  include OmniAuth::Identity::Models::DataMapper

  property :name,            String
  property :email,           String
  property :password_digest, String
end

...

use OmniAuth::Builder do
  provider :twitter, 'XXXXXXXXXXXXXXX', 'XXXXXXXXXXXX'
  provider :identity, :fields => [:email]
end

Gemfile

gem 'omniauth-identity'

Appfile:

require 'omniauth-identity'

Error Message which I receive when I run my app:

`<class:Identity>': uninitialized constant OmniAuth::Identity::Models::DataMapper (NameError)

Twitter works fine before I included Identity.

How would one go about doing this? I'm no ruby-master, but i couldn't find an answer for this.

The README says:

OmniAuth Identity is different from many other user authentication systems in that it is not intended to be associated with your primary User model. Instead, the Identity model should be associated with your User model..

That sounds contradictory and should be reworded.

I seem to be running into an issue using the Identity provider with Datamapper. I'm using Sinatra and have created the following two models.

class Identity
include DataMapper::Resource
include OmniAuth::Identity::Models::DataMapper

attr_accessor :password_confirmation

property :id, Serial
property :email, String
property :password_digest, Text

belongs_to :user
end

AND

class User
include DataMapper::Resource

property :id, Serial
property :username, String, :required => true, :index => true
property :name, String, :required => true
property :bio, Text
property :created_at, DateTime
property :updated_at, DateTime

has n, :identities
end

When using the above models as they are (with the associations in place), I am unable to successfully create a new Identity using '/auth/identity/register'. However, if I remove the associations, the new Identity is created without a problem. I'm pretty new to Ruby and am still learning my way around OmniAuth so perhaps I'm missing a simple configuration or something but I can't seem to get past this hurdle. Has anyone else had this problem?

You require both password and password_confirmation, yet if a user supplies only a password_confirmation then update actions do not fail like they would if password was supplied without password_confirmation.

When redirect to /auth/:provider/callback, omniauth-identity does not have CSRF token. This brings 2 problems.

• CSRF risk.
• No persist session, like authentication data and session[:user_id], because no CSRF token causes no authentication token.

Below is related issue, and this is very rails-specific code, I also think.
Adding authenticity token so session will persist

With:
omniauth-identity v1.1.0, rails v4.1(perhaps above v4.0)

When I try do login with incorrect username or password I get this error:
OmniAuth::Error
invalid_credentials

It don't render /auth/failure, just raise this error and stop. When I login with a correct username/password it's works fine.

Someone had this error too?

Right now, it's impossible to enable some sort of custom validations on user registration, such as captchas or the like. I propose (and am willing to write) an additional option like :on_registration_failed which would allow you to add a validation callback a la

Rails.application.config.middleware.use OmniAuth::Builder do 
  provider :identity,
    model: User,
    fields: [:email, :first_name, :last_name, :phone, :title],
    on_failed_registration: lambda { |env| HomeController.action(:index).call(env) },
    on_validation: lambda { |env| validate_captcha.call(env) }
end

  def validate_captcha env
    return true if recaptcha_valid?

    return false
  end�

Thoughts?

All the model adapters feature an override of auth_key= that looks something like this:

        def self.auth_key=(key)
          super
          validates_uniqueness_of key, :case_sensitive => false
        end

Problem is, there's no superclass method, so this blows up if you try to actually call it. Is this supposed to be patching the auth_key method instead?

I cloned railscast episode 304 and got it running. Then updated the Gemfile like so:

source 'http://rubygems.org'

gem 'rails', '3.2.3'
gem 'sqlite3'

group :assets do
gem 'sass-rails', '> 3.2.3'
gem 'coffee-rails', '> 3.2.1'
gem 'uglifier', '>= 1.0.3'
end

gem 'jquery-rails'

gem 'bcrypt-ruby', '~> 3.0.0'

gem 'omniauth-twitter'
gem 'omniauth-facebook'
gem 'omniauth-google-oauth2'
gem 'omniauth-identity'

When entering an invalid password for a valid user I get the following error page:

OmniAuth::Error

invalid_credentials
Rails.root: /home/[redacted]/Workspace/episode-304/auth-after

Application Trace | Framework Trace | Full Trace
Request

Parameters:

{"utf8"=>"✓",
"authenticity_token"=>"[redacted]",
"auth_key"=>"[redacted]",
"password"=>"[FILTERED]",
"commit"=>"Login"}
Show session dump

Show env dump

Response

Headers:

None

I've been implementing multiple authentication with different omniauth providers, and while I appreciate the drop-in-and-go simplicity of omniauth-identity, it creates an Identity object (line 63) as part of its registration process that subsequently isn't found by the multiple providers implementation guide because the creation doesn't populate the Identity.provider attribute - because it doesn't know about it!

Here's the relevant part of the code from the guide:

# app/models/identity.rb
class Identity < ActiveRecord::Base
  belongs_to :user

  def self.find_with_omniauth(auth)
    find_by(uid: auth['uid'], provider: auth['provider'])
  end

  ...

end

Possible fix: Add an option to tell omniauth-identity that there's a 'provider' attribute on the Identity object and to populate it.

Unless you know another way to make it play a little more seamlessly? Thanks :o)

This line here forces a validation on the password_digest attribute, which outputs silly validation errors like

Password digest can't be blank

No normal user knows what a password digest is. As it's not possible to remove validations once they are added, I propose you simply remove the validations altogether. Leave it up to the developer to enforce their own validations.

I am struggling to access the identity object in case of failed login inside my SessionsController#failure action.

I was wondering if it is possible to be accessed as in IdentitiesController#new action ( env['omniauth.identity'] ).

Proposoal

This gem should use salted passwords in order to prevent a rainbow table based attack.

I think the easiest way to do this is to have a required field (called "Salt") in the Identity model, which would be filled with a random value when a new record in the table is initialized. This salt should then be combined with the password which is entered, prior to creating the hash.

Benefits

The advantages of including salt are:

1. If two people have the same password, a person viewing the hashed password can't tell
2. Prevents attacks which utilize pre-computed dictionaries of common passwords

This is probably a shortcoming on my part, but I can't figure out how to prevent an unauthenticated user from accessing the /auth/identity/register route.

This is necessary in any application where access is not intended to be "open", and an administrator (or any other specific role) is required to create an account. Any application intended to serve a small community on an invitation-only basis needs this functionality.

I need to create a new user of OMNIAUTH IDENTITY from a controller which accepts email and password along with the controller specific data.

I tried but I could get it to work.

redirect_to("/auth/identity/register?email=" + URI::escape(params["email"]) + "&password="+ URI::escape(params["email"]))

Or something like
Identity.create(:email => params["email"], :password=>params["email"])
session[:authhash] = @authhash
@newuser = User.new # from session[:authhash]
Other Processing

There doesn't appear to be a license defined for this library. I'm assuming it's MIT, since the rest of the Omniauth libraries are ... but there is no reference in the gemspec nor a LICENSE file in the root.

I think that omniauth-identity is a great gem for adding email authentication to an app, but I haven't any use the built-in views and every app is different in style.

I would like to hear if we could retire these built-in views?

With an integration test that looks like

it 'should make a new user' do
  lambda do
    visit register_path
    fill_in 'first_name',            :with => 'bob'
    fill_in 'last_name',             :with => 'hope'
    fill_in 'email',                 :with => '[email protected]'
    fill_in 'password',              :with => 'password'
    fill_in 'password_confirmation', :with => 'password'

     click_button 'Go!'
     #    save_and_open_page
     page.current_path.should eq(registration_step_one_path)
  end.should change(User, :count).by(1)
end

The POST path '/auth/identity/register' is not found by Capybara

Hey,

I'm having a big problem trying to add additional fields to the registration process where it somewhere losing the email address internally?

If I leave everything as standard, then the registration works perfectly. Now I want to add a date of birth, and gender field to the process, so in my omniauth confi, I've added

provider :identity, fields: [:name, :email, :gender, :dob_year, :dob_month, :dob_day]

And that's fine, if I load the default registration form provided by omniauth-identity they show up, but when I then try and register I have issues. It appears to create the Identity on the database itself which is great, but then when it attempts to retrieve the Identity (I assume to login) I see the following in the logs :

Started POST "/auth/identity/register" for 127.0.0.1 at 2012-08-08 13:47:12 +0100
   (13.3ms)  SELECT 1 FROM "identities" WHERE "identities"."email" = '[email protected]' LIMIT 1
Binary data inserted for `string` type on column `password_digest`
  SQL (39.7ms)  INSERT INTO "identities" ("created_at", "dob_day", "dob_month", "dob_year", "email", "gender", "name", "password_digest", "updated_at") VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?)  [["created_at", Wed, 08 Aug 2012 12:47:13 UTC +00:00], ["dob_day", 9], ["dob_month", 2], ["dob_year", 1989], ["email", "[email protected]"], ["gender", "Male"], ["name", "tester"], ["password_digest", "$2a$10$1apvNK5SKO.0TiOUByRfQ.Ul8NXRkLIErtiDjPtI7DtnFKK7GL8Pe"], ["updated_at", Wed, 08 Aug 2012 12:47:13 UTC +00:00]]
(identity) Callback phase initiated.
  Identity Load (0.3ms)  SELECT "identities".* FROM "identities" WHERE "identities"."email" IS NULL LIMIT 1
(identity) Authentication failure! invalid_credentials encountered.

It then redirects me back to my login screen. I can then login and it's fine, but I need the redirect after registration to work.
Any reason this is happening?

I have added the fields to my Identity model with

attr_accessible :name, :email, :password, :password_confirmation, :dob_year, :dob_month, :dob_day, :gender

I am really stumped and cannot figure out what's causing this. Please can someone help?

BCrypt is defined as a development dependency, but it's used within lib/omniauth/identity/secure_password.rb, so it should be a runtime dependency.

Even when relying on Rails 3.1's SecurePassword implementation, the BCrypt dependency must be specified (http://api.rubyonrails.org/classes/ActiveModel/SecurePassword/ClassMethods.html#method-i-has_secure_password).

v1.1.0 is too old.

http://rubygems.org/gems/omniauth-identity
1.1.0 August 6, 2012

I have attempted to create a password reset process for users that make a mistake on signup, or forget their password. It seems though that simply updating the attributes of the identity model where the password is stored does not work.

Does anyone have a good solution for this?

Here is my Identity model:

class Identity < OmniAuth::Identity::Models::ActiveRecord
  validates :name, :presence => true
  validates :email, :presence => true, :email => true
end

When trying to use the class, I get this lovely error from Postgres:

ActiveRecord::StatementInvalid (PGError: ERROR:  relation "active_records" does not exist
LINE 4:              WHERE a.attrelid = '"active_records"'::regclass
                                        ^
:             SELECT a.attname, format_type(a.atttypid, a.atttypmod), d.adsrc, a.attnotnull
              FROM pg_attribute a LEFT JOIN pg_attrdef d
                ON a.attrelid = d.adrelid AND a.attnum = d.adnum
             WHERE a.attrelid = '"active_records"'::regclass
               AND a.attnum > 0 AND NOT a.attisdropped
             ORDER BY a.attnum
):

It seems through the combination of AR's abstract_class and inheritance something is going wrong. Adding a self.table_name = "identities" solves the problem though:

class Identity < OmniAuth::Identity::Models::ActiveRecord
  self.table_name = 'identities'

  validates :name, :presence => true
  validates :email, :presence => true, :email => true
end

Hi,

I tried to follow this tutorial:
https://github.com/intridea/omniauth/wiki/Managing-Multiple-Providers

but came into an issue where the Identity records were getting created with the provider and uid attributes not set.

I'm trying omniauth-identity out on rails 4.0.0.beta1. So my best guess is that strong_parameters aren't allowing these attributes to be mass-assigned? I'm not sure how strong_parameters work with Rack middleware or if I'm just totally off the mark.

The work around for me was to replace:

def self.create_with_omniauth(auth)
  create(uid: auth['uid'], provider: auth['provider'])
end

with something along the lines of

def self.find_and_update_with_omniauth(auth, password)
  identity = find(auth['uid'])
  identity.update_attributes(uid: auth['uid'],
                             provider: auth['provider'],
                             email: auth['info']['email'],
                             password: password)
  identity.save
  identity
end

It's definitely not elegant and I'm not sure if it's solving the root cause of the issue, but just wanted to give you a heads up.

Just out of curiousity, it seems like identity.uid is the same as identity.id. Is it there to keep things consistent with other strategies (since Twitter might pass along a UID that's not tied to an actual record ID)?

Thanks for making such an awesome system!

I am using email address for signing in a user. I want to enable user to sign in via both email or mobile no.

In omniauth.rb

Rails.application.config.middleware.use OmniAuth::Builder do
  provider :identity, :fields => [:name, :email, :mobile_no], :on_failed_registration => IdentitiesController.action(:new)    
  OmniAuth.config.on_failure = Proc.new { |env|
    OmniAuth::FailureEndpoint.new(env).redirect_to_failure
  }
end

In signup form

= form_tag '/auth/identity/register', :class => 'form-stacked' do
  = text_field_tag :name, params[:name], :placeholder => 'Enter Your Name ... ', :required => true,:class=>'uneditable-input.span6'
  = text_field_tag :email,  params[:email], :placeholder => 'Enter Your Email Address ... ', :required => true ,:class=>'uneditable-input.span6'
  = text_field_tag :mobile_no,  params[:mobile_no], :placeholder => 'Enter Your Mobile No ... ', :required => true ,:class=>'uneditable-input.span6'
  = password_field_tag :password,  nil, :placeholder => 'Create Your Password ... ', :required => true ,:class=>'uneditable-input.span6'
  = password_field_tag :password_confirmation,  nil, :placeholder => 'Confirm Your Password ... ', :required => true ,:class=>'uneditable-input.span12'
    .actions style="width: 250px;"
  = submit_tag 'Sign Up', :class => 'btn btn-primary uneditable-input.span6 '

And when i recieve auth hash in session controller, mobile no is not present

env["omniauth.auth"]["info"] = #<OmniAuth::AuthHash::InfoHash email="[email protected]" name="abc">

Is there any way to signin using both email and mobile no. And also get mobile no. parameter in auth hash to save in associated user record.

I'm attempting to use Omniauth-Identity with a project utilizing the Sequel ORM. Other Omniauth implementations are working fine, but when adding the Identity login, I get stuck with a constant error: undefined method 'auth_key' for Identity:Class in /gems/omniauth-identity-1.1.1/lib/omniauth/strategies/identity.rb: in block in <class:Identity>, line 13

# config.ru
use OmniAuth::Builder do
    #...other providers...
    provider :identity, :fields => [:email]
end

# classes.rb
class Identity < Sequel::Model
    plugin :secure_password
    one_to_one :account

    def validate
        super
        validates_presence [:email, :password_digest]
        validates_unique [:email]
    end
end

# migration for Identity
Sequel.migration do
    up do
        create_table(:identities) do
            primary_key :id
            foreign_key :account_id # the main user object is Account
            String :email
            String :password_digest, :text => true
        end
    end

    down do
        drop_table(:identities)
    end
end

I would really like to use this as it will ensure the user experience is the same regardless of the method they choose to authenticate, but it just isn't working.

This is a very similar issue to #53, but the solution in that issue does not work for me.

I have used the information here https://github.com/intridea/omniauth/wiki/Managing-Multiple-Providers, to setup Identity on my application.

However the code to add the latest auth to the authentication table does not add the provider or uid attributes.

  def self.create_with_omniauth(auth)
    create(uid: auth['uid'], provider: auth['provider']) # and other data you might want from the auth hash
  end

As suggested in the older issue this might be down to mass assignment.

Is there a quick fix on how to get the uid and provider set? The auth object does contain this information.

Thanks in advance.

We have an app that's currently using AuthLogic and we want to switch to Omniauth. We don't want users to have to reset their passwords after the switch. Would it be possible for us to set up Omniauth-Identity in a way that is compatible with the data stored in our DB by AuthLogic? We can reformat the tables or whatever, but obviously hashed passwords cannot be unhashed or rehashed :)

I want to use seperate admin login for my application using idenity provider.

I have written this in config/initializers/omniauth.rb

Rails.application.config.middleware.use OmniAuth::Builder do
  provider :identity, :model => Credential, :on_failed_registration =>SessionsController.action(:register)
  provider :identity, :model => Credential, :name => 'admin', :on_failed_registration => SessionsController.action(:login_admin)
  provider :google_oauth2, '000000000.apps.googleusercontent.com', '00000000000'
end

In config/routes.rb

match '/auth/admin/callback', :to => 'sessions#authenticate_admin'

In app/controllers/sessions_controller.rb

def authenticate_admin
  auth_hash = request.env['omniauth.auth']
  session[:admin_user] = auth_hash['user_info']['email']
  if admin?
    redirect_to '/'
  else
    render :text => '401 Unauthorized', :status => 401
  end
end

But when i try to access request.env['omniauth.auth'], it always gets nil. While it is accessible when using default callback for normal users at sessison#create action. I just want to know if there is anything that has been missed in this code.

So, here is the deal, client_side_validation gem requires params to be nested in order to work fully out of the box with uniqueness validation. Also that's proper Rails convention to usually have nested params under a class/model name.

So, how about allowing that in the initializer?

:identity => {:email => .... , :password => "....}

Example application
https://github.com/seivan/simple_form_2_client_side_validation_example

Even if disabling OmniAuth.config.test_mode the following test fails :

require 'test_helper'
class UsersSignupTest < ActionDispatch::IntegrationTest

test "valid signup information" do   
    OmniAuth.config.test_mode = false
    get signup_path
    assert_difference 'User.count', 1 do
      get '/auth/identity/register',
        user: { name: "Example User",
                email: "[email protected]",
                password: "password",
                password_confirmation: "password" }           
    end
    assert_template 'users/show'
    OmniAuth.config.test_mode = true
end

...

I get the following

F

Failure:
UsersSignupTest#test_valid_signup_information [/home/lsoave/rails5/gitwatcher/test/integration/users_signup_test.rb:20]:
"User.count" didn't change by 1.
Expected: 4
Actual: 3

Finished in 364.229418s, 0.0055 runs/s, 0.0055 assertions/s.

2 runs, 2 assertions, 1 failures, 0 errors, 0 skips

Rails 4 currently uses bcrypt-ruby 3.1.x for its has_secure_password method, while 1.x of omniauth-identity is locked to 3.0.x

When login fails (such as an invalid password) it currently takes the user to the failure callback of the application. I think it would be a much better user experience if mistyping a password allowed the user to stay on the login form with a nice error message saying it's invalid. Isn't this how most providers behave?

I'm using omniauth-identity with sinatra, and it seems that omniauth-identity swallows my callback.

The login completes fine (users can register and login), but the POST at the end of logging in is not redirected to the corresponding POST handler in my sinatra route.

If I have a route or note (i.e. no post '/auth/identity/callback' do ... end ) either way, a successful login just gets redirected to /. A failed login goes to the right error handler. I don't know where to start looking for a solution.

To let the system continue and move on with no indication that the password was and never will be updated if a user does not send "password_confirmation" with ActiveRecord::Base#update or ActiveRecord::Base#update_attributes is pretty misleading. There should be some indication rather than nothing at all and a continued update to the database.

This is more a feature request than an issue, but are there plans to include devise features such as "confirmable" or "recoverable"? I'm glad to help developing this if there's a big enough request...

Hi Michael,

Oddly I never really played with omniauth when I was at Intridea :) hopefully you can drop a knowledge bomb on me now though. I setup a project to use both twitter and identity and identity is of course using has_secure_password which validates the presence of password_digest on the User model which I setup as the custom class instead of Identity (ActiveRecord is what I'm using there).

I don't want to make folks that only want to use twitter for auth fill out a password when completing their registration (I have to store their omniauth info in a session and redirect to a more robust registration form populated with the data that I do have coming back from the strategy). But if I hide the password fields and submit then I get the password_digest validation error. My solution was to trigger a before validation callback and set the password_digest directly for them.

If I set it to something simple like '0' it'll pass validations and if they try to type in any password other than '0' it properly redirects to the failure action with a nice flash message. But I'm not cool with loose ends like that and if they happened to try the password of '0' outright it'll throw an invalid hash error from bcrypt. I couldn't find a way to rescue that error gracefully at the application level since it seems to be thrown from within omniauth (I think?), so to avoid the unsightly 500 I actually hash a password with a salt when saving the record. I choose the somewhat lengthy and odd "generic_identity_password" string.

Then I added a validation that wouldn't allow someone to set that as their actual password. I also wanted to handle the case where the user might somehow guess the password I set and try to login with it. So I added some controller logic to redirect the exact same way as if they had typed the password incorrectly if they guess the "generic_identity_password" string. This feels messy, but it does work. However, I'd love to refactor it to be better.

Any suggestions?

Thanks!

/auth/identity/callback is called using HTTP GET and this has a major downside, since the path is saved in browser history with cleartext password and auth_key.