I'm building a simple authentication system that will allow multiple providers for a single user. I'm using omniauth and devise. Is there a way to unlink a particular provider for a single user from my application?
By unlinking provider I mean removing the user from oauth application and removing data (uid and things like that) about this particular provider (Facebook, Twitter) from my database. That is, the user will not be able to sign in using Facebook, for example, anymore after unlinking.
I've already checked this and it does not helper too much. I've also checked out devise and omniauth docs. It seems that there's no built in way of achieving this. Do I have to make requests by myself to each provider in order to unlink an OAuth token?
No, OmniAuth and Devise do not have this "feature" built-in. You would have to implement it as a separate controller, that would manage user providers.
Related
Im developing and application that will need constant updates from users that will be gathered from their social networks (twitter, facebook, linkedin and g+), but omniauth just allows me to get this data on the authentication.
I need to get them after (with a delayed_job). I could manage to do so on facebook using Koala, but I don't really know how to do it for the other networks...
What I need to activate omniauth outside the authentication process?
You should use OmniAuth to authenticate user. Also you now have their token. Just use it to make API calls required for your task. Don't forget to have all privileges needed.
I want to build a backend API with rails-api. In addition, like StackMob, I want to build my API based on OAuth. Thus I think I should use doorkeeper too.
However I am not sure how to write user signup, login and logout part.
First of all, in the rails-api, there is no session, thus I cannot store logged in user_id in rails' session dictionary.
I guess I should do like this: when a user tries to log in, I first check the database to fetch such user, then generate an access_token using doorkeeper. Then I return the access_token to client. Afterwards, when the user tries to get some resources, I use doorkeeper's authentication (i.e. OAuth) to check authorization.
Is such way appropriate? Could Anyone provide any advise?
BTW, I tried to use devise for user loging in and out, but it turns out that devise is not suitable for an API app, at least I cannot handle. Any help about Devise is also welcomed!
I use Twitter oAuth to allow users to signup for my site.
I have the user's access_token, access_secret from their signup stored.
When the user wants to return to the site and login to their account, how do I authenticate them using twitter login/password?
I do not want to ask users to give access like:
- give access to example.com to read/write your stuff on twitter
The user already has signed up using their twitter credentials, how do I reuse it instead of asking them to create a separate password?
I would rather not venture towards authlogic in addition to oauth
Currently, if the user is already logged into twitter, I can authenticate him.
using the access_token, access_secret. What if he is not logged in?
How do I prompt for username/password for twitter and authenticate for my app?
Thanks for your help.
Try using them OmniAuth gem. Makes doing that pretty straight forward.
If you're not wanting another gem dependency, you could probably code up your own functionality based on what they do with their twitter strategy and abstract oauth logic.
This RailsCasts episode demonstrates how to create a simple authentication system that only requires an OAuth verification, without the need for a seperate user account maintained by your app.
I am creating an application where the only way users can create an account and then subsequently login is through OAuth.
I only have one Oauth2 authentication source.
Ideally, the User would press one button on my app, ask for their Oauth credentials, and if they are not a user, begin to create a user profile. If they are a user, log them in.
I think that Devise is an overall superior choice and i personally prefer it for my authentication routines. And it supports oauth2. So i would certainly recommend Devise.
I'm developing a facebook app with rails that uses external apis from my own domain. The problem is that my domain requires authentication, which is done via oauth. It's not clear to me how to deal with this pattern. I'm not sure I can make oauth calls from a facebook app, thus requiring two separate registrations. Is there a way to pass a facebook access token so that I know the user is authenticated through facebook?
If you are using (or can use) Rails 3.0+, devise has a good section on how to authenticate via facebook or a google account.
Once a user has used this method to authenticate to your webapp, their session is handled in the same way a regular login session is, so you can just use current_user.nil? or user_signed_in? helpers to determine if the users are authenticated or not.