I'm planning to build a simple rails application. User would sign in to my app and would get a list of website links like facebook, twitter or gmail. If he clicks this link from my app, he won't have to input username/password to that site except for the first time.
What should be the approach? Can rails apps store username password and provide them through url? Or can it persist sessions forever so that those first time authentication tokens remain?
All those examples I've seen talks about 'sign in to my app with facbook, twitter etc'. I need just the reverse. Sign into multiple sites through my app.
Any help would be highly appreciated.
As far as I understand the problem, you need to use the OAuth. https://github.com/intridea/omniauth
The canonical screencast on the topic http://railscasts.com/episodes/241-simple-omniauth
Basically the idea is that you let your app to be authenticated on FB/Twitter/etc by the user. After that you'll get the user ID on an authentication token from the service, and then use those credentials to talk to FB/Twitter/etc APIs
Related
I'm using omniauth-twitter for twitter log in to the website and it works perfectly well (go to /auth/twitter, user authenticates, and then redirect_to /auth/twitter/callback). Great.
However, on the iOS side, how can I implement sign in with twitter? Do I do it client side or server side? Could anybody go through the steps? (note: the only way to sign in to the app is through twitter)
We've tried:
using a UIWebView that goes to /auth/twitter, but on redirect, it goes back to the web version. Is there a way to get JSON data from the UIWebView?
doing sign in with twitter client side, and using a made up password to authenticate in sessions#create that matches a made up password on the db.
Is there another alternative for authentication? I know what we're doing has a lot of flaws but we couldn't find any other solutions even after asking in meetups and researching online for days. please help!
You could add an OAuth 2
implementation on your server. Your server authorizes the iOS app for an authenticated user / content owner. (You have completed the authentication part.) Once authorized, the iOS app accesses that particular user's content (via an api on your server) as if it is logged in as that user.
You will find one potential OAuth 2 provider implementation for RoR as
applicake/doorkeeper
You will find a sample iOS client application as
telegraphy-interactive/OAuthClientSetup
That is one suggestion, in any case. Not the whole answer, which would require a book chapter.
I have an existing rails app which uses 'devise' for authentication.
I would like user's to be able to link their twitter and facebook accounts to their account on my site, so that my application can post updates on their behalf.
Ideally:
When registering, you can choose to set up a standard account, or use twitter, Facebook, etc credentials.
If user chooses to use facebook credentials, I would still like them to be able to link their twitter account, so that my application can post to both at same time on their behalf.
A bonus would be allowing them to have identities which they could link twitter account A to one identity, then switch identities and use another twitter acccount.
My questions are:
if they use a standard account, and link facebook and twitter, are they going to be prompted to enter those credentials every time I post on their behalf? Or does omniauth give me an infinitely valid token?
I know devise can handle omniauth, but I can't seem to tell if it can handle what I am asking. It seems that it's omniauth support is more along the lines of just authenticating site users against twitter credentials not for linking multiples.
is there a rails gem that does this, and is well supported? I see socialite is no longer supported, but it seemed to be a one or the other type deal, not what I want anyway.
because I am already doing standard auth with devise, would it be simpler to just force users to create a standard account, and then use the twitter and facebook api's directly on top of that?
Looking for the best strategy here for doing what I want.
*note: If you think I can get 75% of what I want for 25% of the effort that all my goals would be, let me know. *
Thanks,
~S
My plan for this web app is that it needs the user to log in with LinkedIn, and the user's id on the site and database is their LinkedIn id.
So, the most convenient and elegant thing would seem to be to have no "native" login at all, and just have the user log in with LinkedIn from the start.
Having seen recent disaster for Twitter api developers, I now wonder if this is considered too risky. I am assuming that it is allowed by LinkedIn (haven't checked that yet).
Alternatives could be:
native login then login with LinkedIn after that.
OpenId login and then login LinkedIn after that.
Somehow have a backup login incase linkedin kicks me off.
Any thoughts on the main idea or alternatives? Any other ideas?
As soon as you require a user to create a native login, you're making the usability of your app more challenging IMO. I hate, hate, hate it when I'm forced to create a new account on a site when a single button press would work.
Of course, usability would be at near zero in the unlikely circumstance that LinkedIn's provider no longer works for your app. So, there are tradeoffs.
Does LinkedIn provide access to the user's e-mail address when you authorize them? If that's the case, you could just login with LinkedIn. If LinkedIn's provider no longer works for your app, you could send users an email with a temporary password in an authoritative way. If they don't provide an e-mail address via their provider, then you'll be forced to collect it separately directly from the user (and potentially verify it in case the user made a typo or something).
I'm currently using OAuth to authenticate people with their twitter (twitter gems) acount in my application. The problem is that for people who aren't connected or who have various accounts.
So that's my question, is that possible, to ask user their login/password to link their twitter account on my application ?
Thanks
It is no longer possible to connect to Twitter's API using Twitter credentials. Twitter's public stance on this is that you should -never- provide your Twitter credentials to anyone else, ever. This is part of their rationale for implementing OAuth.
Even if you had the user's Twitter password, you couldn't validate that it was actually their password, nor could you access their Twitter account with it through the Twitter API.
Your best bet would be to look into devise and omniauth. I've gotten it to work this way. Omniauth also allows to link to several accounts. Be it, Facebook, Twitter, etc.
I'm sure it's entirely possible to ask users for their Twitter login/password on your application. It's a very bad practice though, as OAuth avoids the need for client applications to ever touch a users credentials. I suggest setting up an authentication/authorization system that maintains a login/password and then allows connecting multiple OAuth accounts via an AuthenticationStrategy model or the like. Ryan Bates did a few Railscasts on the subject:
http://railscasts.com/episodes/235-omniauth-part-1
http://railscasts.com/episodes/236-omniauth-part-2
I want to create an web application that will link up a student's facebook, twitter and orkut accounts all under one shed. Its like connecting all the students within a college, to login into the web app, the userid will be the unique studentID provided by the college
itself.
Now, once a student has logged-in, he can open his facebook, twitter and orkut a/c in the same window, lets say under tabs. How can i do that??
I mean how can i pass a student's Facebook's user-id and password to facebook server and if user authentication is done, then show the student his facebook wall.
I am very confused and don't know how to deal with this.
Storing username and passwords is not a very good idea. Neither Facebook nor twitter supports it through API.
For Facebook integration use the OpenGraph protocol with any SDK that Facebook provides, like Javascript SDK. Mogli is a ruby wrapper for OpenGraph API
For Twitter, there are multiple options like John Nunemaker's Twitter gem. Use that to talk to Twitter API.
Ultimately, it comes down to the architecture of your application. You can start by creating models like 'FacebookConnection' or 'TwitterConnection' and linking them to your 'User' model.
Solving it easy, just make the link open twitter/facebook. if they are signed in there already, their homepage will show, otherwise they will be prompted to enter user/pass.
To integrate your application with those platform, each platform got it's API and connect method, with this you won't need the user password be stored in your app. You instead will, twitter as an example, create a twitter application that communicate with twitter's API, and then redirect the user to twitter asking twitter to grant your application some access to the signed in user account, almost the same as you will sign in with your google account here on stackoverflow.
To do the communication with each of those platform, refer to the API/Connect documentation they provide and implement it in your web application. Don't reinvent the wheel, most of the communication functionality will be already coded in an easy to use library, whether for rubyonrails or most other development frameworks/languages.
look at facebook connect, oath (for twitter) etc instead of storing passwords
divs/iframes with some kind of tab control (jQuery?) to handle toggling of what should be visible.