I want rails to either update or store the Comment after a user did a successfull loging trough omniauth (Twitter, Facebook or OpenID).
A (not logged in) user fills in a comment form. Posts that.
User gets an omniauth page where she can choose the sign-in-method: Twitter, Facebook or OpenID.
Once the user returns from the oAuth successfully, I want to store (or publish) the Comment.
I have this working, using a session-variable, but that is not very thread-safe: it will break if a user has multiple comment-tabs open with the same session.
Should I save the comment to the database in an unpublished state, and toggle that after returning? And if so, how to know how to toggle te correct comment? Problem is similar to abovementioned session-issue.
Is there some way to simply pass the comment-object along with the omniauth and recieve it back when the user returns from a successfull sign-in?
Or can I pass some hash-string along that I can extract after a successfull return?
Edit: complete rewrite to simplify and clarify the question.
Store post id along with comment text in session. On successful authentication, find the post using stored id and build the comment object for it.
Update - In case authentication fails, delete all such entries.
Related
What would be the easiest way to have a contact form implemented into an Xcode ios app, where the user inputs their email, name and some hidden variables from within the program?
I'm thinking a firebase service will work well, as I don't want to use the built-in email form.
The contact form also needs to know if the form was submitted successfully, such as if the internet was out, or the server/service couldn't be reached. Any help or useful links would be greatly appreciated.
Firebase Authentication is great, it allows you to sign up/sign in users, so you can store them safely there.
Auth.auth().createUser / Auth.auth().signIn
The first method will create an auth user and returns you an uid key for that user, so you can use their Database to store anything related to that user using that uid. The second method will login an user and returns the current user logged in uid, so you can manipulate your data. You can make sure they worked by using the completion and checking if error is == nil.
I highly recommend you to use Auth to authenticate them, otherwise you would have to store their emails and passwords on your Database, and you would have to encrypt them.
Check their documentation here: https://firebase.google.com/docs/auth/ios/start
I'm building an app where the user will receive an invite to join a team.
The invite link is unique to the user, and when the user hits the sign-up page, they they can login using oauth (google).
After the user goes through the authentication and gets passed back to my app, I need to get their invite code, so I can look it up in the db and add them to the correct team.
I thought I could pass a state variable to the oauth provider which would get passed back to me like auth?state=INVITE_CODE, but when I send a state parameter to google in my auth request, it doesn't respond at all.
What's the best way to accomplish this?
I'm using express passport if that makes any difference.
I was WAY over thinking this, so hopefully this will help somebody else.
If you look at the res.headers.referer it is actually your original link, not the link from the oauth provider, which I expected.
I'll describe my question through my use case -- I (using the tweetstream gem) receive and process tweets on a push basis, and for some of those events, I reply to the user with a link to a signup form for my website. Currently, users have to do auth via twitter on my site before they can submit the sign up form so that I can securely verify that they own that twitter account they claim to be.
However, that is preventing a lot of conversion, so I would like to remove the login with twitter step. My thought then, was that on receiving an event, I could hash their twitter user_id with a random string I store, and add that hash (token) as a query param on the signup link. The link would autofill the token into a hidden field in the signup form, thus (I think?) allowing us to verify the user's twitter id again on form submission.
The one caveat to this is someone could use another user's signup link and appear as them, but this isn't a concern in our case because due to the nature of the signup data. Doing that maliciously wouldn't make sense, and doing it unintentionally, we can do by displaying the apparent twitter handle prominently on the form. Account access post signup will still require login with twitter so that isn't an issue either.
So my question then is, does this seem like a sound approach, and are there any rails gems that have this functionality or would be useful? (Basically a custom version of how authenticity token protection works I think) Thanks!
I think a better approach is not having a signup form and instead simply letting people login using twitter. Is there really something you need them to manually fill in on the signup forum that you can't automatically retrieve when they login with twitter?
I am adding Twitter and Facebook login to a MVC 3 test application using TweetSharp and Facebook C# SDK.
Currently when a user signs in using Twitter I create a user account for that user in a user table and store the id, token, and token secret in a separate table with a foreign key to the user table. Since the id, token and token secret do not expire I can quickly locate the right user account when the user logs in next time using Twitter.
What if the very same user logs in using Facebook next time? Since Twitter does not provide email in their API and I therefore have no common piece of information to tie a user account to either Twitter or Facebook I assume I have to create a new user account for a Facebook login? Does anyone have any experience with this? Are there any ways to solve this?
I identify each user internally with a unique key. I check cookies for the user key when any user hits the site. If there's no cookie I create a new key. add it to the user database and set a new cookie. Once a user completes registration the first time by logging in with any of Facebook, Twitter or .Net membership , that key is forever married to that user.
So when an existing Twitter user logs in for the first time with Facebook, we know who they are because their user key exists. It is basically the same solution as macou suggested. Macou's has the plus of working on a new machine or if cookies are cleared, the cookie solution has the plus of not requiring additional user input.
Not really a solution, more of a work around. I was faced with the same problem and ended up forcing the user to complete thier account profile by asking for their email address before allowing them to proceed any further. This meant that if the email address coming back with the Facebook auth matched the email address created with the twitter signin then I didn't need to create another account.
The bigger difficulty was coming the other way, if the account was created by the facebook auth first. It meant an untidy marry up of accounts.
To be honest the information we got from allowing users to sign in with twitter was not worth the effort and in the end finished up only allowing Facebook auths. I'm not sure how important twitter is to your solution.
Not the perfect answer I know, but I thought I would share my experience.
You can't use just a cookie because I can login as facebook then my wife login as twitter using the same browser, you shouldn't link the two accounts in this case.
I think you need to do more than that:
Use a cookie then
Use name/first name/login name/... to see if they match.
Example:
Cookie id: 18459439731114330636, find user with id = 18459439731114330636. Found, go to 2, not found, go to 3.
Is username/first name/last name/... matches the current user? if yes, link accounts. if not, go to 3.
Create a new user.
I am using Devise and I have it so a User clicks "log in with facebook". Once they confirm this, it then takes them to the registration url "http://0.0.0.0:3000/users/sign_up".
In here I then populate the name and email fields with the ones I got from Facebook. They now just have to pick a password to sign up. I also want to save the user's Facebook UID and their Facebook url.
How do I pass this into my User model once the user clicks on the sign up button? (I updated my model to include these extra fields).
Edit: I currently also store their Facebook hash data in a session that I got from Ominauth so that I can retrieve it later.
Using the auth hash provided by Omniauth you should be able to retrieve the user information.
For example the hash has a structure that looks like this.
You can pull the user information like this:
facebook_uid = user_auth.uid
facebook_url = user.user_info.urls