Pass scope with omiauth Pinterest authentication request - ruby-on-rails

I am using omniauth-pinterest gem to authenticate Pinterest users. In addition to the default "write_public" I need to pass "write_public" scope. What's the best way to pass "read_public,write_public" scope with the auth request?

Hello there I did not try omniauth-pinterest, but in omniauth-google-oauth2
we can pass the scope in initializer file. As I expect you can also pass the scope same as omniauth-google-oauth2 like:
Rails.application.config.middleware.use OmniAuth::Builder do
provider :pinterest, ENV['PINTEREST_APP_ID'], ENV['PINTEREST_APP_SECRET'], scope: ["read_public", "write_public"]
end

Related

Switch provider for the omniauth-shopify-oauth2 gem in runtime?

The initializer for the omniauth-shopify-oauth2 gem is supposed to look like this:
# config/initializers/omniauth.rb
Rails.application.config.middleware.use OmniAuth::Builder do
provider :shopify, ENV['SHOPIFY_API_KEY'], ENV['SHOPIFY_SHARED_SECRET']
end
However, in our Rails app resides a few different brands who offers the same functionality. Throughout the entire app, the request.domain of a request determines which brand you are exposed to (brand1.example.com, brand2.example.com, etc.).
We can easily store brand specific credentials and redirect the users to the brand specific authorization path:
https://example.myshopify.com/admin/oauth/authorize?client_id=brand1&scope=read_orders,read_products&redirect_uri=https://brand1.example.com/auth/shopify/callback
But I can't figure out how we can have different providers for the middleware, chosen based on the visited request.domain. Any idea how to set this up?
Omniauth provides documentation on Dynamic Providers, which will be helpful here. Something like:
# config/initializers/omniauth.rb
Rails.application.config.middleware.use OmniAuth::Builder do
provider :shopify, setup: lambda do |env|
# Do logic to get correct credentials for request.
# For example, if you store the credentials on a model called Brand,
# and have it keyed on "subdomain":
request = ActionDispatch::Request.new(env)
brand = Brand.find_by(subdomain: request.subdomain)
env['omniauth.strategy'].options.merge!({
client_id: brand.client_id,
client_secret: brand.client_secret
})
# `site` needs to be set. This is part of the shopify provider setup phase, which we are overriding
env['omniauth.strategy'].options[:client_options][:site] = "https://#{ request.GET['shop'] }"
end
end

Applying additional oauth scopes in an omniauth initializer

I am trying to apply the coinbase wallet API with oauth to use its send functionality. I have been able to connect to the API and use its endpoints, but whenever I try to use the send functionality, I am thrown the error Invalid amount for meta[send_limit_amount]. My omniauth initializer looks like this:
provider :coinbase, , ENV['CLIENT_ID'], ENV['CLIENT_SECRET'],
scope: 'wallet:user:read wallet:user:email wallet:accounts:read wallet:transactions:send'
The reason for this error is because, in order to use the send functionality, coinbase requires additional parameter meta[send_limit_amount]. Where and how am I supposed to apply this additional scope?
UPDATE: So I've made some progress in that I am able to attach one meta scope to my initializer, which seems to be sticking (as shown when I print out the auth_info). This is the current state of my initializer:
Rails.application.config.middleware.use OmniAuth::Builder do
provider :coinbase, ENV['CLIENT_ID'], ENV['CLIENT_SECRET'], scope: 'wallet:user:read wallet:user:email wallet:accounts:read ', :meta => {'send_limit_currency' => 'BTC'}
end
# wallet:transactions:send
# :meta => {'send_limit_amount' => '0.0001'}
The problem now is that I cannot seem to figure the syntax necessary to add the send_limit_amount property to the oauth meta hash.
Managed to solve the problem with the following initializer;
Rails.application.config.middleware.use OmniAuth::Builder do
provider :coinbase, ENV['CLIENT_ID'], ENV['CLIENT_SECRET'],
scope: 'wallet:user:read wallet:user:email wallet:accounts:read wallet:transactions:send',
:meta => {'send_limit_amount' => 1}
end
Now, I need to either disable the two factor authentication or determine how to Re-play the request with CB-2FA-Token header

With Omniauth, How to record all requests for authentication?

with omniauth in my app, to have a user use Google oAuth2 to authenticate I redirect the user to:
/users/auth/google_oauth2
If the users approves the request, then the AuthenticationsController#create is called.
With AuthenticationsController#create - I can add event tracking to record the # of users who approve google auth. What I don't have is the number that I sent to approve meaning I don't have a conversion rate.
How can I track the # of people who hit the URL around making requests to connect.
A nasty solution would be to build a filter around the method Strategy#request_call and do the tracking there.
Inside an initializer:
OmniAuth::Strategy.class_eval do
def request_call_with_tracking
log :info, "Im running before the actual request_call"
Tracker.hit(name) #name will return the provider
request_call_without_tracking
end
alias_method_chain :request_call, :tracking
end
You can achieve this by using the OmniAuth setup phase. You can pass a :setup option to an OmniAuth provider, with a proc which will be executed before the authentication is performed. You can add event tracking inside this proc.
So if you have some tracker class, you can do this:
use OmniAuth::Builder do
provider :google_oauth2, ENV['GOOGLE_KEY'], ENV['GOOGLE_SECRET'],
:setup => lambda { |env|
Tracker.track
}
end
For more information check out Avdi Grimm's great blog post about the subject.

Why does Google OAuth2 authentication fail when using analytics url instead of youtube url?

I'm working on a dashboard for my colleagues that shows a few stats from Google Analytics next to some other statistics. To get access to the Analytics data I use OAuth2. OAuth2 requires a scope to get send along with the authentication request in order to get access tokens. I created a client ID in the APIs Console that has access to Analytics, and specify the scope in an initializer that looks like this:
Rails.application.config.middleware.use OmniAuth::Builder do
provider :google_oauth2, ENV['ADMIN_DASHBOARD_GOOGLE_CLIENT_ID'], ENV['ADMIN_DASHBOARD_GOOGLE_CLIENT_SECRET'], { access_type: 'online', approval_prompt: '', scope: 'http://gdata.youtube.com,userinfo.email,userinfo.profile,analytics.readonly' }
end
This uses the omniauth-google-oauth2 gem, and the scope I found in an example somewhere. However, for my implementation, I think this scope is strange. Instead of http://gdata.youtube.com,userinfo.email,userinfo.profile,analytics.readonly I would like to use https://www.googleapis.com/auth/analytics.readonly, but changing to that scope causes the request to return invalid_credentials. What is the correct way to specify only access to analytics data is needed?
Scopes should be seperated by a space character, not a comma:
https://developers.google.com/accounts/docs/OAuth2WebServer#formingtheurl
if you need Youtube and Analytics scopes use:
Rails.application.config.middleware.use OmniAuth::Builder do
provider :google_oauth2, ENV['ADMIN_DASHBOARD_GOOGLE_CLIENT_ID'], ENV['ADMIN_DASHBOARD_GOOGLE_CLIENT_SECRET'], { access_type: 'online', approval_prompt: '', scope: 'http://gdata.youtube.com,userinfo.email https://www.googleapis.com/auth/analytics.readonly' }
end
if you need just Analytics, use:
Rails.application.config.middleware.use OmniAuth::Builder do
provider :google_oauth2, ENV['ADMIN_DASHBOARD_GOOGLE_CLIENT_ID'], ENV['ADMIN_DASHBOARD_GOOGLE_CLIENT_SECRET'], { access_type: 'online', approval_prompt: '', scope: 'https://www.googleapis.com/auth/analytics.readonly' }
end

Change Twitter provider after initialization with Omniauth gem

I'm using Omniauth to authenticate at Twitter, but I have 2 apps registred with diferent names that I want to use depeding on the current locale(session scope).
So I need to change the provider key and secret defined at omniauth.rb file right before user calls auth/twitter( I was thinking to do a before_filter but auth/twitter is an external link to twitter and not a regular action) or a way to config Omniauth to define providers by locale instead of define for the entire application scope.
So how can I do that ? Any idea?
What you need to do is set setup to true in omniauth builder
Rails.application.config.middleware.use OmniAuth::Builder do
provider :twitter , :setup => true
end
Then set add following to your routes.rb file to define which route will be called for setup
get '/people/auth/twitter/setup' => 'sessions#twitter_setup' #needed for devise setup phase hook to work
After so just set the omniauth strategy in the session controller that meet the route for setup
def twitter_setup
request.env['omniauth.strategy'].options[:consumer_key] = YOUR_DYNAMIC_KEY
request.env['omniauth.strategy'].options[:consumer_secret] = YOUR_DYNAMIC_SECRET_KEY
render :plain => "Setup complete.", :status => 404
end
this will enable you to load the apps you need

Resources