I'm authenticating Slack users with devise and omniauth-slack on Rails and I'm currently able to retrieve user's token as expected.
The problem is that, with Slack addition to include "bot" scoping, we also need to retrieve the bot's token and for that, we must retrieve the first (and unique) token response --as explained in their documentation
Is there a way to access this response in our Devise::OmniauthCallbacksController ?
If not, is there another way I could retrieve this response?
Related
I need to access several YouTube channels for my job to pull analytical data and export it to a database. The problem, is that this requires using OAuth, which would be fine except I don't know the controlling person's username/password. She probably won't give me her credentials since it's personal.
Is there a way to do this without explicitly using her username/pass? Like, she tried making me a content owner, but I still can't authorize this level of information.
This is exactly the reason why OAuth was created, to make requests on behalf of a user without their username and password.
Have that user generate an access token. Here are the Google Docs. In a nutshell:
Have your user send a post request to https://accounts.google.com/o/oauth2/token with your app key. The response should look something like:
{
type: "oauth",
token: "XXXXXXX"
}
Then, make an API request on behalf of that user with their token by passing in the token returned from the previous step as value for the Bearer filed for any web request to the YouTube API. This will allow you to perform an authenticated request without explicitly knowing the user's username and password.
What I'm trying to do
I'm trying to create a web app that would fetch emails from a user's Gmail. I understand that I would require authentication via Google OAuth 2.0.
What I'm trying to do is setting a watch() request on an inbox. Then, when the watched inbox gets an email, I want to get notified. I'm using Google's PubSub API.
What I've done
I followed the steps given in the Gmail OAuth documentation, but am confused as to how to store multiple access tokens for multiple users.
So when the user first logs in using their Gmail account, I generate a code which I exchange for an access token. Then I store this in a database. However, when I get notified about an email, I only receive from the API the user's email address. I would like to do some further API calls for this user. So now I would need to retrieve the token for the specific user. But...
The problem
... How do I store access tokens by email? I only have access to their token once they login/authorize. Is there any way of retrieving the email address from an access token? I could then store the access tokens as key-value pairs of <email address>-><access token>.
You can do a Users: getProfile-request immediataly as they log in for the first time, like so:
GET https://www.googleapis.com/gmail/v1/users/me/profile?access_token=<ACCESS_TOKEN_OF_THE_LOGGED_IN_USER>
Response:
{
"emailAddress": "example#gmail.com", // Here is the user's email address.
"messagesTotal": 6446,
"threadsTotal": 4495,
"historyId": "570232" // Here is the current historyId of his account.
}
Then, when you get a push request via watch(), you can use the historyId in the response above to see what has happened.
So after a user has logged in with his twitter account on my website, and I got the token and secret, when he moves to other page, do I have to generate the new token and secret in order to do something e.g. get his twitter username or I can just make a simple request to api.twitter.com/1/account/verify_credentials.json appending all the data I got on the page before, and it will work?
When you got the token and secret of the user, you can make requests to twitter on behalf of that user.
So to use these token and secret for future use you should save it in some datastore along with the user's credentials. As long as you append these information to the request header you will able to make requests on behalf of twitter user without asking anymore permission from the user itself.
Reference: https://dev.twitter.com/docs/auth/authorizing-request
Cheers
I've been struggling through Facebook authentication for a canvas app for a while. My approach is as follows:
Check the user's session for an access token.
Check the user's Facebook cookies for an access token.
Check the parameters for a signed_request.
If an access token is found during any of those 3 steps:
I make a call to the graph API requesting the /me resource.
If the call is successful, the user is logged in.
If the call fails (causes an OAuthException), I request a new access token by redirecting the user to the Facebook OAuth endpoint to obtain a code, then obtaining a fresh access token by exchanging that code.
If no access token is found in the session, cookies, or signed_request, I display a landing page.
Is this the correct procedure? I've noticed that oftentimes there is no signed_request present in the parameters if the user's access token has expired. The method Facebook endorses for requesting a fresh access token results in 2 user-facing redirects as well as an API exchange, which seems a bit heavy.
The setup I'm working in is:
Rails v3.0.8
Koala gem v1.2.1
I've followed these guides:
https://github.com/arsduo/koala/wiki/OAuth
https://github.com/arsduo/koala/wiki/Koala-on-Rails
https://developers.facebook.com/blog/post/500/
Have you considered using Omniauth? (https://github.com/intridea/omniauth) It wraps up all this stuff and lets you easily extend to other sites as well.
I am using Rails with omniauth plugin to authenticate my application via LinkedIn. Currently, I store the linkedin token which omniauth returns if the user successfully authorize the application:
oauth_token"=>"9dd623ad-1e21-2cec-9ede-107e1f8e9e18"
I am also using linkedin plugin to get user's Linkedin information. The problem is; the plugin requires two tokens like the following:
client.authorize_from_request(rtoken, rsecret, pin)
c.authorize_from_access("OU812", "8675309")
How can I use the omniauth's token in linkedin plugin? Any idea?
OMNIAUTH is for Authentication only. AFAIK you wont be able to use the API with that oauth token alone. Youll still need to send the user off to linked in to authorize API access by doing something like
client.request_token(:oauth_callback =>'your callback url')
See example here:
http://pivotallabs.com/users/will/blog/articles/1096-linkedin-gem-for-a-web-app
Update:
I was able to reuse access token and access secret that I received upon Omniauth callback from LinkedIn and pass it on to client.authorize_from_access and got access to LinkedIn API that way. Your mileage may vary as I had to customize linked_in gem to fit my workflow a bit, but once Omniauth gets access token and secret you no longer need to call client.authorize_from_request