For my rails app, I implemented some authentication using twitter and facebook. I used omniauth-facebook and omniauth-twitter gem. Since these
Now for my university project, I have to implement authentication using our university API authentication system also. My question is, should I use omniauth or is there any other gems for this that would be easy to implement? I am confused because, omniauth has built in features for twitter, facebook etc. But for custom authentication, I am not sure how complex it would be. So I am asking which gem would be simpler for this purpose?
Related
I have a rails app setup with omniauth and 2 providers, facebook & strava (using 'omniauth-facebook' and 'omniauth-strava' gems).
I've just created an api for my app and am trying to get this working with oauth logins as well, but I'm not sure where to start.
I've seen a couple of old solutions online for just facebook using graph api. Would anyone know the best way to approach this in my case with the above 2 providers?
I'm creating an app in Ruby on Rails and have research Devise, Omniauth, and creating my own custom version.
My question is: what are the scenarios in which you would use one of the three choices above?
My take:
- Omniauth can provide quick registration through third party APIs, but would require additional permissions to access additional data
- Devise provides core functionality which can also be customized based on the applications needs
- Custom may be for extreme scenarios which, currently, I do not need
** I'm leaning towards Devise as it provides the core and allows me to add onto that
Additional Considerations:
- My application needs to sign in and access basic information for: location, language I18n, etc
- My application also does financial transactions (if you're a paid member, et al).
Going back to my question: based on the above, does Devise seem to be the better choice? Does Omniauth provide these features? When should I use one versus the other?
Thanks
Devise and Omniauth do very different things - and they are often used together.
Devise provides a full authentication package with views, controllers and routes to allow users to sign up, edit user profiles, reset passwords, etc.
Devise can be used without the database authentication module with provides signup via email password.
Omniauth is a framework for authentication users via Oauth. Omniauth unlike Devise does not ship with any views or controllers. Instead you need to integrate the Oauth callbacks into your app. What Omniauth does is abstract away the differences between different providers.
Both can be used together to provide user authentication via password or oauth for example.
Rolling your own authentication solution is generally not advisable. Projects like Devise have hundreds if not thousands of man-hours behind them and many eyes viewing the code base for flaws. Crappy home rolled auth solutions by companies with Not Invented Here Syndrom are one of the most common security failures that have lead to user data and passwords being leaked.
To add context to #max's answer, OmniAuth is an extraction of OAuth (Open Authorization)...
OAuth is a simple way to publish and interact with protected data. It's also a safer and more secure way for people to give you access. We've kept it simple to save you time.
Whenever you have a trusted service such as Facebook, Twitter, LinkedIn, GitHub, NetFlix, etc, and want to use a service in conjunction with your pre-built connectivity on these existing services, you'll need a secure way to "authorize" the use of that data...
A "CRM" system which allows you to "import" contacts from LinkedIn
A "social sender" system which allows you to send messages to your Facebook friends
Recommend new movies based on what you recently watched on NetFlix
Most people know OAuth by virtue of the "Allow Access" notification for Facebook etc:
Interpreting this in your own app is simple - do you want to pull data from Facebook / Twitter / LinkedIn / GitHub etc?
Real use of OAuth should be to extend your application.
Most users treat "app requests" for their social network data as an extension of the "social" experience (IE if I allow app access to my FB, I expect it to post to my wall etc).
Instead of treating it as a way to allow users to sign in with Twitter / Facebook / LinkedIn credentials (which is 100% valid), you should think about the higher-level functionality.
--
Devise != OmniAuth
Devise is an authentication system; OAuth is authorization.
OmniAuth extends OAuth for authentication:
OmniAuth is a library that standardizes multi-provider authentication for web applications.
It replaces email/password with Twitter API key. Thus, whenever creating authentication on your system, you will always need to store User data etc - it's how that data is authenticated which makes the difference.
In short, if you want Sign in with Twitter buttons etc, OmniAuth is recommended. However, to keep your authentication consistent, you'll be best using Devise with OmniAuth.
--
Finally, don't roll your own authentication unless you've implemented Devise at least 5 times. All Rails authentication works similarly (uses Warden strategies). It's not going to be worth your time debugging your own system when Devise has 100,000's of users doing the work for you.
I am writing a facebook app by using ruby and rails. I will need Facebook connect and login, share, and timeline integration (posting on user's behalf). Is there any tutorial/guide or gem that you recommend.
Thank you
Cheers
Koala is a gem that interacts with Facebook's Graph API and can handle Facebook OAuth as well.
Koala has some good examples on Github, but if you like Ryan Bates covers Koala and Facebook's Graph API in Railscasts Pro #361 and #363. Both are paid episodes.
Omniauth is a great gem for handling many different OAuth providers, including Facebook. Ryan Bates covers it in several episodes.
I can recommend 3 gems for facebook authentication and login. Implementing them would be quite complex. For basic authentication you can use devise, then for facebook login, you can integrate omniauth with the omniauth-facebook gem into devise:
https://github.com/plataformatec/devise/wiki/OmniAuth:-Overview
Is Devise a good option? Another extension? Roll my own as per OAuth in Rails - google, twitter, facebook, connect for login like stackoverflow login?
You can go with Devise in combination with Omniauth or use Omniauth on its own building your own authentication. You need to decide whether you want local+remote sign-up or remote sign-up only. I did both recently and wrote articles about it:
Devise + Omniauth: http://communityguides.heroku.com/articles/11
Omniauth, includes full code on Github: http://communityguides.heroku.com/articles/16
(Links updated 15.12.2012)
Edit: Regarding local sign-up - you might use myopenid as a replacement and send users over there if they do not have or do not want a Twitter/FB/Google account...
I highly recommend Devise (1.2 or newer) with OmniAuth. I have been successful in using that combination to enable single sign-on from a Rails application to GitHub, and it's fairly trivial to add support for additional providers.
https://github.com/plataformatec/devise/wiki/OmniAuth%3A-Overview
Using the current rails 2
I want users to be able to create an account from:
traditional signup
twitter
facebook
and then allow them to link facebook and/or twitter and/or traditional signup later.
I read this http://www.themomorohoax.com/2009/02/21/rails-2-3-authentication-comparison
and decided to check out:
Authlogic
Restful Authentication
Devise/Warden
It seems for at least some of the plugins you can use with them that making OAuth work with them will make them incompatible with any other login system.
Will I need to roll my own from the ground up, or can I glue together some existing pieces?
You can glue together existing pieces.
I wouldn't advise for Restful Authentication. It's getting old and isn't maintained anymore.
If you plan on using Authlogic, you can take a look at those two gems :
authlogic oauth for any oauth service (including twitter)
authlogic facebook connect
If you plan on using Devise, you can take a look at those two gems :
warden oauth for any oauth service (including twitter)
device facebook connectable