I'm working on authentication with LinkedIn. I don't know why, but LinkedIn suddenly doesn't allow sign-in. I can authorize the LinkedIn app, but I can't get the authentication information.
```ruby
{"provider"=>"linkedin",
 "uid"=>nil,
 "info"=>
  {"name"=>nil,
   "email"=>nil,
   "nickname"=>nil,
   "first_name"=>nil,
   "last_name"=>nil,
   "location"=>nil,
   "description"=>nil,
   "image"=>nil,
   "phone"=>nil,
   "headline"=>nil,
   "industry"=>nil,
   "urls"=>{"public_profile"=>nil}},
 "credentials"=>{"token"=>"facdxxx-xxx-xxxx-xxxx-xxxxxxxxx", "secret"=>"2xxxxx-xxxx-xxxx-xxxx-xxxxxxx"}}
```
omniauth_controller.rb
```ruby
class OmniauthCallbacksController < Devise::OmniauthCallbacksController
  def linkedin
    # Build or look up the user from the provider's auth hash (without "extra").
    @user = User.from_omniauth(request.env["omniauth.auth"].except("extra"))
    if @user.persisted?
      sign_in_and_redirect @user, event: :authentication
    else
      # Keep the attributes so the registration form can be pre-filled.
      session["devise.user_attributes"] = @user.attributes
      redirect_to new_user_registration_url
    end
  end
end
```
Should I update the LinkedIn application settings? I wonder whether it has nothing to do with the Rails application...
Gemfile
gem 'omniauth-linkedin'
I use omniauth-linkedin.
When I registered in February, I had permissions like the ones below.
But currently there are just three.
How can I add permissions on LinkedIn?
There are so many things that this could actually be, but here's one thing you can try; you may not have requested the correct access when you configured your application. Per the docs:
When requesting an authorization code in Step 2 of the OAuth 2.0 Guide, make sure to request the r_liteprofile and/or r_emailaddress scopes!
Per the documentation, you can set these via the request or through the developer portal.
Related
In my Rails web project, users authenticate with Twitter. The OAuth process involves the user entering Twitter login credentials through a Twitter web form, and this works well. I would like to know if it's possible for the user to authorize my web project through Twitter's mobile app if the user has it installed.
So basically, when a user visits my web project and clicks on "sign in with twitter", the authorization process should happen in Twitter's mobile app if the user has it installed; otherwise it uses the web form. I have only seen this possibility with the Periscope mobile app, where authorization to Twitter occurs in Twitter's mobile app. Is this even possible since my project is web based? Interestingly, I have a link to my Twitter profile in my web project, and that link opens my mobile Twitter app when I click on it.
This is the current OAuth process that I have within my Rails app. This is the relevant code from my user model:
```ruby
def self.from_omniauth(auth)
  user = find_or_initialize_by(provider: auth.provider, uid: auth.uid)
  user.email = auth.info.email
  user.password = Devise.friendly_token[0, 20]
  user.name = auth.info.name
  user.username = auth.info.nickname
  user.location = auth.info.location
  user.access_token = auth.credentials.token
  user.access_secret = auth.credentials.secret
  user.access_token = user.encrypt_field(user.access_token)
  user.access_secret = user.encrypt_field(user.access_secret)
  user.save!
  return user
end
```
In my user controller, I have
```ruby
def twitter
  @user = User.from_omniauth(request.env["omniauth.auth"])
  if @user.persisted?
    sign_in_and_redirect @user, event: :authentication # this will throw if @user is not activated
    set_flash_message(:notice, :success, kind: "Twitter") if is_navigational_format?
  else
    session["devise.twitter_data"] = request.env["omniauth.auth"].except("extra")
    redirect_to new_user_registration_url
  end
end
```
In my gemfile, I have
gem 'devise'
gem 'omniauth'
gem 'omniauth-twitter'
gem 'twitter'
This works well with web form based authentication. I would like to know how, or if, it's possible to authenticate and authorize through Twitter's phone app if the user has it installed.
For web based flows, the OAuth flow will take place on the Twitter website, not the app. Native mobile flows were supported for native apps using the now-deprecated TwitterKit.
I have used the omniauth-facebook gem. I want to find out whether the user is signed in with the Facebook provider or not.
My code
```ruby
def sign_in_user_and_redirect(user, identity_id)
  UserIdentity.increment_counter(:sign_in_count, identity_id)
  user.link_browser_id cookies.signed[:uuid]
  sign_in_and_redirect user
  session['devise.user_attributes'] = user.attributes
end
```
How do I find out whether the user in the session is signed in with Facebook or is a normal user?
```ruby
def sign_in_user_and_redirect(user, identity_id)
  UserIdentity.increment_counter(:sign_in_count, identity_id)
  user.link_browser_id cookies.signed[:uuid]
  sign_in_and_redirect user
  session[:logged_in_using_omniauth] = true
end
```
Added helper user_helper.rb
```ruby
def logged_in_using_omniauth?
  session[:logged_in_using_omniauth].present?
end
```
Usage
```ruby
unless logged_in_using_omniauth?
```
Is it possible to only allow certain Google accounts to log on? For example, myname@mycompany.com is hosted through Google (they are actually Google accounts). I want only users with @mycompany to be able to log on. Is this possible?
Do you do this with Devise or the Google API?
Thank you :)
If you are using omniauth-google-oauth2, you can accomplish domain restrictions by providing a value for the hd option during initialization.
```ruby
Rails.application.config.middleware.use OmniAuth::Builder do
  provider :google_oauth2, ENV['GOOGLE_CLIENT_ID'], ENV['GOOGLE_CLIENT_SECRET'], {
    scope: 'email, profile',
    hd: 'mycompany.com'
  }
end
```
It's also possible to handle this in your controller which is handling the callback. You can deny users depending on values provided in request.env["omniauth.auth"].
```ruby
class OmniauthCallbacksController < Devise::OmniauthCallbacksController
  def google_oauth2
    auth_details = request.env["omniauth.auth"]
    if auth_details.info['email'].split("@")[1] == "yourdomain.com"
      # do all the bits that come naturally in the callback controller
      user = User.from_omniauth(request.env["omniauth.auth"])
      if user.persisted?
        flash.notice = "Signed in Through Google!"
        sign_in_and_redirect user
      else
        session["devise.user_attributes"] = user.attributes
        flash.notice = "You are almost Done! Please provide a password to finish setting up your account"
        redirect_to new_user_registration_url
      end
    else
      # This is where you turn away the poor souls who do not match your domain
      render :text => "We're sorry, at this time we do not allow access to our app."
    end
  end
end
```
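A stricter form of the callback-side check above, as an added example (not code from either answer): the decision is made only from values Google returns in the callback, since the hd request option can be changed before the request reaches Google. The function name, the constructed sample hashes and the `extra.id_info` field layout are assumptions; the input is a plain string-keyed Hash.

```ruby
# Added example: server-side hosted-domain check for a Google OmniAuth callback.
# Assumed layout: info.email, extra.id_info.hd, extra.id_info.email_verified.
ALLOWED_DOMAIN = "mycompany.com" # domain used in the question

# Returns :ok or a symbol naming the first failed check.
def check_google_domain(auth, allowed_domain = ALLOWED_DOMAIN)
  email  = auth.dig("info", "email").to_s.strip.downcase
  claims = auth.dig("extra", "id_info") || {}
  wanted = allowed_domain.downcase

  # Require exactly one "@"; split("@")[1] alone would accept "a@wanted@other".
  parts = email.split("@", -1)
  return :malformed_email unless parts.length == 2 && parts.none?(&:empty?)
  return :wrong_email_domain unless parts[1] == wanted
  # The address must be verified by Google, not merely typed in by the user.
  return :email_not_verified unless claims["email_verified"] == true
  # hd is only present for accounts managed by that hosted domain.
  return :hd_claim_mismatch unless claims["hd"].to_s.downcase == wanted
  :ok
end

# Constructed sample callback hashes (not captured from a real login).
def sample_auth(email, hd: nil, verified: true)
  id_info = { "email_verified" => verified }
  id_info["hd"] = hd if hd
  { "provider" => "google_oauth2", "info" => { "email" => email },
    "extra" => { "id_info" => id_info } }
end

SAMPLES = {
  employee:   sample_auth("Alice@MyCompany.com", hd: "mycompany.com"),
  outsider:   sample_auth("bob@gmail.com"),
  two_ats:    sample_auth("eve@mycompany.com@other.example", hd: "mycompany.com"),
  unverified: sample_auth("carol@mycompany.com", hd: "mycompany.com", verified: false),
  unmanaged:  sample_auth("dave@mycompany.com") # consumer account, no hd claim
}.freeze

if __FILE__ == $PROGRAM_NAME
  SAMPLES.each { |name, auth| puts "#{name}: #{check_google_domain(auth)}" }
end
```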
everybody.
I'm working with a simple Facebook authentication system on my platform (with Rails and Koala) and it's almost working as expected. But there's this one critical bug that's driving me nuts.
Given I am NOT logged into my platform and I am NOT registered and I have NOT yet authorized my app on my Facebook profile.
I go signing up with a Facebook account
Facebook asks me to log in
I successfully log in
The Facebook application requests permission
I authorize the app
I'm redirected to the correct redirect_uri
Koala fails in the client.get_access_token(params[:code]) step with a OAuthException: Code was invalid or expired. Session is invalid. This could be because the application was uninstalled after the session was created.
In short, Facebook is complaining about a code it has just provided. Here are the methods for authentication:
Login Action for OAuth
```ruby
def login
  reset_session
  session[:facebook_client] = get_client
  redirect_to session[:facebook_client].url_for_oauth_code(:callback => FacebookAPI.oauth_callback_url, :permissions => "email, user_status, publish_stream, publish_actions")
rescue => err
end
```
Callback action
```ruby
def terminate
  client = session[:facebook_client]
  if client.nil?
    redirect_to '/', notice: 'Error on FacebookAPI'
  else
    access_token = client.get_access_token(params[:code]) if params[:code] # IT FAILS HERE
    # omitting the rest
  end
end
```
I am currently using this guide to try to integrate twitter into Devise.
It is a little challenging because twitter's OAuth does not provide email addresses. Hence the flow of the sign up should be:
User clicks "Sign in with twitter"
Oauth call back to twitter's callback
Ask for the user for email (I need that for my site)
Sign in user.
I realized that if the user already has an account on my system with Twitter, I must be able to find the account. Hence I have added 2 extra fields to the user model: oauth_provider, oauth_uid.
In omniauth_callbacks_controller:
```ruby
def twitter
  @user = User.find_for_twitter_oauth(env["omniauth.auth"], current_user)
  if @user.persisted?
    flash[:notice] = I18n.t "devise.omniauth_callbacks.success", :kind => "Twitter"
    sign_in_and_redirect @user, :event => :authentication
  else
    flash[:warn] = "We still need a little more info!"
    redirect_to new_user_registration_url
  end
end
```
In user.rb
```ruby
# The trick here is that twitter does not give you an email back
# So we should make use of uid and provider
def self.find_for_twitter_oauth(oauth_hash, signed_in_resource=nil)
  uid = oauth_hash['uid']
  if user = User.find_by_oauth_provider_and_oauth_uid('twitter', uid)
    user
  else
    User.create(:password => Devise.friendly_token[0,20],
                :oauth_provider => "twitter",
                :oauth_uid => oauth_hash['uid'])
  end
end
```
However, I have debugged this thoroughly and realized that if I redirect a user to new_registration_url, the User created in user.rb will be wiped.
How can I do the following:
If user cannot be found via oauth_provider and oauth_uid, create a User object with these credentials
direct user to new_registration_url
When the user has submitted his/her email, create the user with the same user object created in 1)
I have tried using session, but it gets really messy as I have to monkey patch devise's new and create for registrationscontroller.rb.
Please someone provide me a way to do this.
I have not been successful yet. Let me show you what I have written.
I followed these 2 screencasts and it is exactly what you want.
You can try it out! He is using the omniauth gem, which is very easy and awesome :-)
http://railscasts.com/episodes/235-omniauth-part-1
http://railscasts.com/episodes/236-omniauth-part-2