I went through quite a lot of Rails/Rails examples of Google OpenID authentication, but none of them worked properly. Most of them don't work because they are out of date. Even omniauth doesn't for some other reason.
Does anyone have a working example of Ruby Rack web application which works properly now?
I forked one a while back and popped it up on GitHub called rails3-mongoid-omniauth.
It lets you authenticate using a variety of methods. It provably runs on the Bamboo stack on Heroku with Rails 3.0.x. I haven't updated it, but it should give you some insights.
Some of the key files are:
omniauth.rb where the providers are declared. It also includes a monkeypatch to fix the LinkedIn provider, although I suspect that it has been fixed by now.
routes.rb where the route to this app is defined for each authentication provider. This is the callback URL which omniauth sends to the provider.
application_controller.rb where the current_user is defined based on the session key.
sessions_controller.rb where the session is created based on authorization from the authentication provider (e.g. Google)
_navigation.html.erb where the sign-in links take you to the authentication provider.
Now that I have done some more research, it looks like there is also a tutorial at http://railsapps.github.com/tutorial-rails-mongoid-omniauth.html.
I would check this Rails Cast which should help get you up and running on On Open ID and omniauth in general on Rails/Rack based Ruby apps
http://railscasts.com/episodes/304-omniauth-identity
By the way if you are going to be doing allot of Rails development Railscast is a excellent source of information.
Related
I have a project where I want to develop the frontend in Next.js (requests based on fetch API from JS) and the backend in RoR and I am having a hard time to get the User authentication to work. I have researched and found four possible solutions:
Sessions and cookies
JWT
devise_token_auth
devise-jwt
I have tried to implement some of them but i always end up getting a server error on client requests at some point. I would like to know if anyone has any resources where I can get to know more about and learn more about it so I can implement such authentication in my project.
If I could take advantage of devise would be even better, since I already have it setup for ActiveAdmin (wanna use the admin dashboard)
Thanks a lot in advance.
I used to use devise, but have since moved to AWS Cognito which handles everything for you and is customizable as needed. You might look into it.
https://aws.amazon.com/cognito/
I am looking for an authentication system for Ruby on Rails. However there seems no gem that supports both direct web authentication (e.g. like devise does) and API authentication (like devise_token_auth). The both I mentioned seem incompatible to each other (at least I got some errors after adding the devise_token_auth to a project with devise already set up). Devise used to have an API authenticable but it was removed (there's probably a good reason for that, however I couldn't find one online).
Is there any gem that can do both of those methods (web and api), or do I need to build some JavaScript based solution, like in the ng-token-auth Live Demo?
I won't reject a JavaScript solution as long as it doesn't dramatically increase load times or is hard to understand/customize. I just can't believe there is no solution to such a common problem.
I took a closer look at devise_token_auth and together with ng-token-auth it seems to solve my problem.
So it seems I'll need to learn working with AngularJS for that, but that should be fine.
I am creating a social networking site for my university and I'm wondering which gem I should use for the login process, or if there is any other more secure way to implement a login process. Is there document or sample code which can guide me?
I've heard about the Devise gem but I am not sure that it will be work for us, or how to use it.
Definitely recommend devise. It's written by one of the top contributors to rails Jose Valim. It's pretty easy to use, especially if you just stick with the defaults which are very reasonable. And it's kept up to date - currently only has 7 outstanding issues. For a project with 6.4k watchers that's pretty amazing.
There's a getting started guide with everything you need to get started.
There's also a devise wiki with a lot of examples. Here's just a few:
How To: Disallow previously used passwords
How To: Display a custom sign_in form anywhere in your app
How To: Do not redirect to login page after session timeout
It largely depends on what features you're looking for. If you require a full-featured authentication solution (Registration, Forgot Password, Remember Me, Login) then either devise or Authlogic is recommended.
If you're just looking for a simple way to authenticate users (via login and password for example), you can just use the Rails built-in authentication via has_secure_password. Ryan Bates did a RailsCast on it not too long ago.
Whatever method you decide to go with just remember that without SSL its not secure.
Devise is very nice. However, I'm partial to using NoamB's Sorcery gem. Its like a balance between rolling your own and Authlogic.
Check it out here:
https://github.com/NoamB/sorcery
Also nice railscast on it:
http://railscasts.com/episodes/283-authentication-with-sorcery
I am wondering how I can build the registration process like we have in Stack Overflow, where a user can login using one of several already existing accounts? I would prefer using Rails as a technology platform.
Are you looking for this?
http://testingauth.heroku.com/
I'm not sure this is exactly what you need, but the devise module, available on github, makes it very easy to build a authentication system in a rails application.
For authorization, another great module is called "cancan". You might need that too.
Check out OmniAuth. There are a few railscasts describing it.
You can use omniauth gem to implement openId auth. Also, it possible to extend your existing user auth systems. See great screencast about this at railscast: OmniAuth Part 1
Im starting to learn RoR and i want to make my personal blog in this language. I usually code a couple of prototypes on top of whatever im doing in my blog. So i would like people to be able to log in, and register with their openID. So i was about to jump to the coding place when i realized the concept of gems and all that stuff is giving you tools for this kind of things.
So is there some kind of package to manage users, profiles and openId?
check out technoweeni's restful-authentication plugin
I'd advise you to look at bort as a complete RoR skeletton app with RESTful auth builtin, one of its fork here or at AuthLogic a less intrusive auth solution for Rails (and Merb and some others).
Take a look at the bort skeleton app. It has restful auth and openid authentication already setup among other things.
Railscasts also has a number of screencasts about setting up authentication, restful authentication and OpenID.
One thing you want to be aware of to avoid hours of headache: the Ruby OpenID library changed substantially with OpenID 2.0, so if you're using a plugin or example code from a blog, be sure you're using the version of OpenID to which it corresponds.
There are several plugins; one with lot of activity is open_id_authentication.
Dan Webb has a good guide to OpenID authentication in Rails that walks you through writing the actual code, but note that, at least last I checked, it hadn't been updated for OpenID 2.0.