I am using Rails with omniauth plugin to authenticate my application via LinkedIn. Currently, I store the linkedin token which omniauth returns if the user successfully authorize the application:
oauth_token"=>"9dd623ad-1e21-2cec-9ede-107e1f8e9e18"
I am also using linkedin plugin to get user's Linkedin information. The problem is; the plugin requires two tokens like the following:
client.authorize_from_request(rtoken, rsecret, pin)
c.authorize_from_access("OU812", "8675309")
How can I use the omniauth's token in linkedin plugin? Any idea?
OMNIAUTH is for Authentication only. AFAIK you wont be able to use the API with that oauth token alone. Youll still need to send the user off to linked in to authorize API access by doing something like
client.request_token(:oauth_callback =>'your callback url')
See example here:
http://pivotallabs.com/users/will/blog/articles/1096-linkedin-gem-for-a-web-app
Update:
I was able to reuse access token and access secret that I received upon Omniauth callback from LinkedIn and pass it on to client.authorize_from_access and got access to LinkedIn API that way. Your mileage may vary as I had to customize linked_in gem to fit my workflow a bit, but once Omniauth gets access token and secret you no longer need to call client.authorize_from_request
Related
in the working project on rails 4 is used omniauth gem for social authorization, connected some social networks
and the appropriate gems are used
omniauth-facebook
omniauth-instagram
omniauth-google-oauth2
now there was a task to add api for mobile authorization, where the scheme is somewhat different:
client starts oauth flow w/ Facebook (using login button etc)
client gets access token and posts back to server
server looks up user via (FB/Instagram/Google) api call w/ token
server does lookup/create of user based on uid & provider
user is logged in if a user association lookup is successful
Help me please how to use received access token from mobile in omniauth and not duplicate the functionality
I solved the problem through monkey patching build_access_token method, in this method i check the presence params[:access_token] parameter
I have a ruby on rails application that currently supports facebook authentication with devise / omniauth.
An iOS client is being built that needs to support facebook authentication also.
My question is, how do I use the access token server side to get the user's email outside of an omniauth callback?
My understanding is that omniauth provides some middleware that on a facebook callback writes an auth hash containing all information to request.env['omniauth.auth']
See: https://github.com/mkdynamic/omniauth-facebook
With an iOS client the flow is a little different, I think:
The user signs into facebook on the client.
The user agrees to give the app access.
The client app posts access_token to the rails API.
Rails app validates access token with facebook and retrieves users details.
It is step 4 that I'm not sure how to do.
Essentially once I have an access token how do I get an auth hash manually when I'm not in an omniauth callback?
Thanks for any help.
Try to use gem "Koala"
Example:
#graph = Koala::Facebook::API.new(oauth_access_token)
profile = #graph.get_object("me")
After much trial and error found the following way to get the user's email using the Koala gem:
#graph = Koala::Facebook::API.new(TOKEN, APP_SECRET)
#graph.get_object('me', :fields => ['email'])
How to I implement normal doorkeeper oauth2 flow after the user authenticates through facebook through my mobile app?
PS I am using doorkeeper gem to implement an oauth2 provider for my mobile app. I use resource owner password credentials flow to implement authentication through user's username and password.
So if a user authenticates through facebook through the mobile app first, how do I authenticate a user through doorkeeper with the facebook access token. So no username/password present in this case(which doorkeeper throws out an error of missing params).
What is the correct way to implement this flow.
1. User authenticates from facebook through the mobile app.
2. Facebook access token is passed to the API server.
3. If the access token is valid, the api server returns the
doorkeeper access token.
4. In case the access token is not valid, the api server returns 401 Unauthorized.
What is the correct approach to implement this flow? Some guidance in the right direction is very much appreciated.
This extension to the existing doorkeeper grant flows, solves exactly this problem:
https://github.com/doorkeeper-gem/doorkeeper-grants_assertion
The assertion flow is an exchange between a provider's access_token, for an access token from your oauth provider.
There is a pull request to fix "NoMethodError (undefined method 'resource_owner_from_assertion' for #)":
Change your Gemfile:
gem "doorkeeper-grants_assertion", github: "Inittec/doorkeeper-grants_assertion", branch: "master"
I've been struggling through Facebook authentication for a canvas app for a while. My approach is as follows:
Check the user's session for an access token.
Check the user's Facebook cookies for an access token.
Check the parameters for a signed_request.
If an access token is found during any of those 3 steps:
I make a call to the graph API requesting the /me resource.
If the call is successful, the user is logged in.
If the call fails (causes an OAuthException), I request a new access token by redirecting the user to the Facebook OAuth endpoint to obtain a code, then obtaining a fresh access token by exchanging that code.
If no access token is found in the session, cookies, or signed_request, I display a landing page.
Is this the correct procedure? I've noticed that oftentimes there is no signed_request present in the parameters if the user's access token has expired. The method Facebook endorses for requesting a fresh access token results in 2 user-facing redirects as well as an API exchange, which seems a bit heavy.
The setup I'm working in is:
Rails v3.0.8
Koala gem v1.2.1
I've followed these guides:
https://github.com/arsduo/koala/wiki/OAuth
https://github.com/arsduo/koala/wiki/Koala-on-Rails
https://developers.facebook.com/blog/post/500/
Have you considered using Omniauth? (https://github.com/intridea/omniauth) It wraps up all this stuff and lets you easily extend to other sites as well.
I'm building a Rails web app. I use OmniAuth for authentication.
I would like to provide API access but only after the user has authenticated themselves with OAuth (via twitter mainly).
Any suggestions of where to start?
EDIT: add more context as requested
Not trying to become an Oauth provider, but simply use the same login tokens. For example, you log into my app through twitter. You have both the token and secret OAuth tokens. I want to use those tokens to allow a user API access to the site.
I have a similar question: Retrieving OAuth tokens (on server) from Faraday OAuth module (from client)