I'm loving the ease of OmniAuth, but I'm having a hard time connecting the dots on making additional api calls after I receive the token back.
I'll use LinkedIn as an example, but it's not LinkedIn that's the issue, more so my lack of understanding on how to make subsequent calls after I have authenticated.
I can make the request to LinkedIn and authenticate just fine.
Then I get the hash back and it's completely populated.
Now I would like to call LinkedIn back and get my complete profile data or maybe a list of contacts. How do I do this? Will I need the oauth gem after all?
I'd prefer to avoid app specific gems because I will have to make the same requests to twitter and facebook.
Omniauth is designed for authentification only.
Marcel Falliere is right. Omniauth is just for authentication.
You can have a look at this plugin, it could solve your problem.
https://github.com/pengwynn/linkedin
I think I just found out the answer to it.
after completion of oauth process with service provider(fb, twitter) omniauth saves the user. here it passes a hash to the user object and the content of hash are here https://github.com/intridea/omniauth/wiki/Auth-Hash-Schema these credentials part can be used to request further request( infact u will have to save these in your user object).
Related
I'll describe my question through my use case -- I (using the tweetstream gem) receive and process tweets on a push basis, and for some of those events, I reply to the user with a link to a signup form for my website. Currently, users have to do auth via twitter on my site before they can submit the sign up form so that I can securely verify that they own that twitter account they claim to be.
However, that is preventing a lot of conversion, so I would like to remove the login with twitter step. My thought then, was that on receiving an event, I could hash their twitter user_id with a random string I store, and add that hash (token) as a query param on the signup link. The link would autofill the token into a hidden field in the signup form, thus (I think?) allowing us to verify the user's twitter id again on form submission.
The one caveat to this is someone could use another user's signup link and appear as them, but this isn't a concern in our case because due to the nature of the signup data. Doing that maliciously wouldn't make sense, and doing it unintentionally, we can do by displaying the apparent twitter handle prominently on the form. Account access post signup will still require login with twitter so that isn't an issue either.
So my question then is, does this seem like a sound approach, and are there any rails gems that have this functionality or would be useful? (Basically a custom version of how authenticity token protection works I think) Thanks!
I think a better approach is not having a signup form and instead simply letting people login using twitter. Is there really something you need them to manually fill in on the signup forum that you can't automatically retrieve when they login with twitter?
I am trying to implement a facebook user authentication in my iOS6 App through my Rails Backend running with Devise using omniauth. I am looking for a step by step guide how to setup my API and Devise + Authentication.
I only have a only have a rough knowledge about how to do that.
(on App) check if the user signs in on his facebook on iPhone
iPhone is authenticated client sided on Facebook. FB passes me his mobile auth token
I send my auth token or auth hash to my rails backend via API RESTful SSL.
Rails receives the Token and checks if it is valid. ( What command uses the least traffic against FB Graph API? with Koala Gem)
If valid. Check if the user already exists. If not, create a new user.
Create a new session.
Is this correct?
Are there any good examples?
Thank you very much.
I'm not familiar with the iPhone piece, but your approach after that is generally accurate. The only exception is that you would typically use provider + uid to find or create a user, rather than a token. That might be what you meant by your #5, but it wasn't clear to me.
Beyond that, there is a good (paid) Railscast on the subject of Omniauth + Devise, which would probably be worth the price for you:
http://railscasts.com/episodes/235-devise-and-omniauth-revised
It covers how you can receive and handle the auth hash, and it gives you a nice starting point for what your methods will look like.
if you don't access to pro episodes i have some links to help.
http://jessewolgamott.com/blog/2012/01/19/the-one-with-a-json-api-login-using-devise/
you can also look into it
http://net.tutsplus.com/tutorials/ruby/how-to-use-omniauth-to-authenticate-your-users/
Nice and easy to code
http://blog.joshsoftware.com/2010/12/16/multiple-applications-with-devise-omniauth-and-single-sign-on/
I hope these will work for you :)
http://www.orhancanceylan.com/rails-twitter-and-facebook-authentications-with-omniauth-and-devise/
My goal is to use these bundles to connect to MailChimp OAuth or Facebook (not necessarily as a login option but that could come later - right now just want my app authorized to access the MailChimp API) - I've got the whole process somewhat working in the sense that I can be redirect to MailChimp or Facebook, allow my app and the I am always redirected to to my failur_path as defined in my security.yml. I presume this is correct behavior since I do not have users with the matching tokens. My question is... how do I create these users in the first place? Or rather how do I get the provided oauth token into the user's data for later user/authentication?
Thanks
I know it's old, but in case someone didn't find it:
https://gist.github.com/danvbe/4476697
I am reading this tutorial: http://blog.dhavalparikh.co.in/2009/06/step-by-step-twitter-oauth-integration-with-rails/
OK, first redirect to twitter connect page. When I allow the connection, twitter redirect to https://twitter.com/oauth/authorize with a code for connect but this must redirect to a action which connect and create a new user in my db.
SO which could be the problem? How i must config the twitter application callback url and app url for localhost.
please i need this answer
Thanks in advance
This doesn't really answer your question but is a nicer way to do this.
Omniauth is a nice gem for rails that makes it very easy to offer twitter, facebook etc. login.
A good intro to this was created by Ryan Bates of Railscasts.
The problem is: Twitter send the token information via post. SO i receive the token by params.
Also there is a problem with oauth 0.4.
I am using oauth 0.3.4 because work in the correct form when twitter try redirect to callback url.
After authenticating with Omniauth/facebook, checkins dont seem to be included inside the data hash I am receiving from request.env["omniauth.auth"], I have authorized for checkins and can see them fine when hitting the url with my access code..
Anybody have any ideas?
Look at: https://github.com/nsanta/fbgraph instead. Omniauth isn't really intended for scraping all the possible facebook data, just for authenticating.