Implement mailchimp oauth2 authentication - ruby-on-rails

I want to implement mailchimp oauth2 authentication.
I am reading here https://mailchimp.com/developer/release-notes/stricter-rules-for-url-matching-oauth-2/
that only support exact matching on the redirect URI
My question is simple, how would I know which user is the one that actually authorizes my application. When I am trying to add the current user id I am getting an error
call_back_url = url_for(controller: '/webhooks/mailchimp', action: 'handler', only_path: false, id: current_user.id)
Error call back uri mismatch.
Is there another way to add info about the user on the webhook callback?

I have found out how, I can add a state param on the redirect_to url, and then this is available on the webhook callback.
query_params = "response_type=code&client_id=#{client_id}&redirect_uri=#{call_back_url}&state=#{current_user.id}"

Related

Allauth, redirect to external url after email confirmation

I configured my allauth signup and email confirmation. I am able to receive the email confirmation and click verify email but I wanted it to redirect to an external URL which is the main frontend URL. So instead of /account/profile it should redirect to https://redirect-to-here.com I tried using the redirect shortcut from django but can't seem to make it work also I'm trying to read the documentation on how to achieve this.
def get_email_confirmation_redirect_url(self, request):
return resolve("auth_redirect")
# url
path("auth/redirect/", auth_direct, name="auth_redirect")
# method
def auth_redirect():
return redirect("https://redirect-to-here.com")
In your settings.py, set this variable
ACCOUNT_SIGNUP_REDIRECT_URL = "https://redirect-to-here.com"

Authenticating docusign via Rails API (Omniauth + Devise) + JS Frontend

I'm trying to create an authentication flow using Auth Code Grant where I've added necessary omniauth strategy for Docusign to create /auth/docusign routes in Rails API only application.
Here are the steps followed
I'm issuing a request to the route from VueJS client.
window.open("http://localhost:4000/auth/docusign", "targetWindow", "width=350,height=250")
After user enters credentials and on successful login I'm calling the callback:
class SessionsController < Devise::SessionsController
def docusign
internal_destroy
#success = false
userinfo = request.env['omniauth.auth']
request_info = request.env['omniauth.params']
if userinfo
info = userinfo.info
cred = userinfo.credentials
user = User.find_by(email: info['email']) || User.find_by(id: session[:user_id])
if user
organization = user.organization
organization.organization_providers.where(provider_name: 'Docusign').destroy_all
OrganizationProvider.create(email: info['email'], token_expires_at: Time.at(cred['expires_at']), token_expires_at: Time.now, provider_name: 'Docusign', organization_id: organization.id, token: cred.token)
#success = true
end
end
render 'sessions/docusign'
end
end
I'd like to pass some params (which I'm accessing in the callback as request.env['omniauth.params']) for executing some backend tasks in the method.
When I try window.open("http://localhost:4000/auth/docusign?email='"+email+"'", "targetWindow", "width=350,height=250")
It says that the url doesn't match with any redirect urls
I have also tried passing in redirect_to('/auth/docusign', query: query) but on doing so, it doesn't open in a browser due to CORS.
I'm also trying to set it in session cookie, but since it's an API only server, I'm still working towards setting up cookie store.
Question
Which is the best way to achieve this? To pass some params in the callback and retrieve it.
Then the execution flow continues on the Rails server and the window serves a page with an appropriate response as per authentication status. However during this time, the client window which started the request is not aware of the authentication outcome.
Question
How can I communicate to the VueJS client that the authentication process is completed?
Question
Am I doing the above flow correctly or are there any better ways to achieve the same?
Thanks in advance
You need to log into your DocuSign Developer Account, Click on Admin and go on the left nav down to "API and Keys" where you can find the integration key you set. Did you set one?
If you did, you should find it and then add the redirectUri to the OAuth settings for that key (client ID in OAuth).
That is why DocuSign login tells you that the redirectURI doesn't match. You can add http://localhost:4000/auth to the list and that should work for your local env.
You cannot past custom variables on the redirectUri, it has to match exactly to the one you entered. If you need to pass values to it, there's a way to do that using state.
Here is how the URL should look, notice the &state= part of it:
https://account-d.docusign.com/oauth/auth?
response_type=code
&scope=YOUR_REQUESTED_SCOPES
&client_id=YOUR_INTEGRATION_KEY
&state=YOUR_CUSTOM_STATE
&redirect_uri=YOUR_REDIRECT_URI
&login_hint=YOUR_LOGIN_HINT
You can put whatever you want in there (URI encoded of course) and that value would come back to you when redirected back also with &state= parameter.
This solves the problem and allows you to pass arguments back to your redirect URI.

Where I can take correct API token for requests to Trello behalf on user (ruby-trello)

I am using Ruby on Rails 5.2 and gems: ruby-trello, devise, omniauth-trello.
I want to make authorized requests on behalf of Trello user same as shows here: https://github.com/jeremytregunna/ruby-trello#multiple-users
Example from git docs:
#client_bob = Trello::Client.new(
:consumer_key => YOUR_CONSUMER_KEY,
:consumer_secret => YOUR_CONSUMER_SECRET,
:oauth_token => "Bob's access token",
:oauth_token_secret => "Bob's access secret"
)
My steps:
User (Bob) sign in with Trello and get his own oauth_secret and oauth_token
App creates a Trello::Client for Bob using:
his own oauth data (:oauth_token, :oauth_token_secret)
I got consumer_key from here: https://trello.com/app-key (in the top of page, first block with key field)
consumer_secret was taken from https://trello.com/app-key too, but from the bottom of page, last block with key secret
After this, I'm trying to get any data from Bob's trello account (boards, lists, tasks etc.) but always getting 500 error (invalid token).
Could you explain what I'm doing wrong?
Thank you in advance.
What I did was implementing a session controller to request and authorize access to user's trello and then call Trello::Client with the authorization params inside the callback method on the controller.
Check out this:Trello OAuth 1.0 authorization with Ruby
Then inside the authorization method you can call Trello::Client using :oauth_token and :oauth_token_secret from get_access_token call or store them both on the session object and use them anywhere.

What is Facebook callback_url and how to use it in rails?

I am using the Facebook Graph API in my rails projects, no matter I use oauth2 gem or koala, It need callback_url
Oauth2
token = client.auth_code.get_token('code_value', :redirect_uri => 'http://localhost:8080/oauth/callback')
Koala
#oauth = Koala::Facebook::OAuth.new(app_id, app_secret, callback_url)
I try to use http://localhost:3000/callback in my project, but it's not working.
Should I develop a routes for that?
like: get 'callback' => 'oauth#callback'?
What should I write in the callback method in OauthController, what does it use for? Thanks
Yes, you should.
Basically, OAuth uses callback data to provide tokens for authenticating users.
For example
user clicks on "sign in" (or whatever) link and your app redirects they to the OAuth provider (or open it in the iframe).
user permits to your app to use they profile details
OAuth provider send callback to your app with unique code
app uses that code to get secure access token for API communications
That's just a basic example.
In your case you need to implement controller that will parse callback data.
Here is the code example
#oauth = Koala::Facebook::OAuth.new(api_key, app_secret, callback_url)
=> #<Koala::Facebook::OAuth:0x007fc919d014e0 #app_id=1234567890, #app_secret="FaKeAppSecretKey", #oauth_callback_url="http://localhost:3000/callback">
#oauth.url_for_oauth_code
=> "https://www.facebook.com/dialog/oauth?client_id=893637180663238&redirect_uri=http%3A%2F%2Flocalhost%3A3000%2Fcallback"
And when you go to https://www.facebook.com/dialog/oauth?client_id=893637180663238&redirect_uri=http%3A%2F%2Flocalhost%3A3000%2Fcallback FB will redirect you to
http://localhost:3000/callback?code=CODE_FROM_CALLBACK
Then you should use implement controller that uses code to get access token
access_token = #oauth.get_access_token(params[:code])
=> "ACCESS_TOKEN"
#graph = Koala::Facebook::API.new(access_token)
=> #<Koala::Facebook::API:0x007fc91a903ae0 #access_token="ACCESS_TOKEN", #app_secret=nil>
profile = #graph.get_object("me")
=> {"id"=>"4492344324865", "email"=>"my_fake_email_address#gmail.com", "first_name"=>"Roman", "gender"=>"male", "last_name"=>"Sotnikov", "link"=>"https://www.facebook.com/app_scoped_user_id/4492344324865/", "locale"=>"en_US", "name"=>"Roman Sotnikov", "timezone"=>6, "updated_time"=>"2015-05-18T05:19:54+0000", "verified"=>true}
Please check https://github.com/arsduo/koala/wiki/OAuth for additional info.
Callback Url is yours applications url -- a GET route -- you want the third party application to redirect to, after its done its work.
So in your routes.rb file simply create a get route
get 'facebook_graph_callback', to: 'controller_name#action'
#A get route which is connected to a controller action
Usually the third party will give you some sort of information back. Quite often its some sort of code. In your controller action you can use find them in params hash.

Tracking Which Twilio Users Make Which Calls

Problem: I'm unable to determine which of my Rails app's users are making which browser-to-browser calls using Twilio.
I am able to make browser to browser calls with Twilio and I am able to store the #call object in the Calls table like this:
def start_conference
#call = Call.create_from_twilio_params(params)
#call.user_id = current_user.id #current_user doesn't work in this Twilio request even when the user is signed into the Rails app
#call.save
end
Here are the parameters that Twilo app returns in the log when it processes a user's call:
TwilioController#start_conference as HTML
Parameters: {"AccountSid"=>"AC123", "ApplicationSid"=>"AP234", "Caller"=>"client:test", "CallStatus"=>"ringing", "Called"=>"", "To"=>"", "CallSid"=>"CAxyz", "From"=>"client:test", "Direction"=>"inbound", "ApiVersion"=>"2010-04-01"}
Is it possible to add my own parameters such as user_id? Or maybe there is another way for me to connect the call to the user?
From this StackOverflow question, it seems possible to attach parameters to the callback URL, but where is the Twilio documentation about specifying a custom callback URL?
Thank you!
Twilio developer evangelist here.
You can indeed pass more parameters around when making a call with Twilio Client.
When you call Twilio.Device.connect() to make the call you can pass an object with parameters in that will get POSTed to your controller. For example:
// In your front end code
Twilio.Device.connect({ userId: '<%= current_user.id %>' });
And then, in your controller code, you will receive that userId in the params and you could use it like this:
def start_conference
user_id = params.delete('userId')
#call = Call.create_from_twilio_params(params)
#call.user_id = user_id
#call.save
end
Let me know if this helps!

Resources