I am working on an application that is currently using thoughtbot's clearance as its authentication piece. I want to add openID to this application and know that thoughtbot has an open_id_authentication plugin. Does anyone know how easy it is to go about doing this or if there is a tutorial or anything somewhere?
The "open_id_authentication" plugin is not originally Thoughtbot's, it's probably just their fork of the main one. That plugin provides some useful controller methods, but doesn't integrate with Clearance out-of-the-box. You'll have to study how both work and write additional code in your app that inherits from Clearance controllers and mixes in OpenID authentication logic.
Related
Using Ruby on Rails, I've been trying to find best practices for building an authentication API in order to ensure security. Are there guidelines or aspects I should pay attention to?
You should use gems for authentication Devise or AuthLogic. They're quite good, have a lot of functionality and are extendable. Devise has RESTful API. Have a look inside the code.
I am wondering how I can build the registration process like we have in Stack Overflow, where a user can login using one of several already existing accounts? I would prefer using Rails as a technology platform.
Are you looking for this?
http://testingauth.heroku.com/
I'm not sure this is exactly what you need, but the devise module, available on github, makes it very easy to build a authentication system in a rails application.
For authorization, another great module is called "cancan". You might need that too.
Check out OmniAuth. There are a few railscasts describing it.
You can use omniauth gem to implement openId auth. Also, it possible to extend your existing user auth systems. See great screencast about this at railscast: OmniAuth Part 1
Im starting to learn RoR and i want to make my personal blog in this language. I usually code a couple of prototypes on top of whatever im doing in my blog. So i would like people to be able to log in, and register with their openID. So i was about to jump to the coding place when i realized the concept of gems and all that stuff is giving you tools for this kind of things.
So is there some kind of package to manage users, profiles and openId?
check out technoweeni's restful-authentication plugin
I'd advise you to look at bort as a complete RoR skeletton app with RESTful auth builtin, one of its fork here or at AuthLogic a less intrusive auth solution for Rails (and Merb and some others).
Take a look at the bort skeleton app. It has restful auth and openid authentication already setup among other things.
Railscasts also has a number of screencasts about setting up authentication, restful authentication and OpenID.
One thing you want to be aware of to avoid hours of headache: the Ruby OpenID library changed substantially with OpenID 2.0, so if you're using a plugin or example code from a blog, be sure you're using the version of OpenID to which it corresponds.
There are several plugins; one with lot of activity is open_id_authentication.
Dan Webb has a good guide to OpenID authentication in Rails that walks you through writing the actual code, but note that, at least last I checked, it hadn't been updated for OpenID 2.0.
What is current state of the art for enabling OpenID login in Ruby on Rails applications? This is a community wiki with up-to-date answers to this question.
Authlogic
The most advanced authentication solution seems to be Authlogic. It supports OpenID with Authlogic OpenID plugin. It supports Rails 4 and 3. Rails 2 is supported in the rails2 branch.
You may want to watch "OpenID with Authlogic" railscast (and the "Authlogic" railscast).
There is a sample application called Authlogic OpenID Selector Example.
Devise
Devise is flexible authentication framework for Rails. It supports OpenID with devise_openid_authenticatable.
restful_authentication
Another authentication library of choice is restful_authentication Rails plugin. Seems like you also need to install open_id_authentication plugin.
You may want to watch (old, circa 2007) "OpenID Authentication" railscast.
Ruby OpenID
Raw support for OpenID protocol is handled by Ruby OpenID library.
Check out this Railscast on OpenId for more info. I'm not sure if/how it might work alongside restful_authentication, but might be a good resource. (I haven't watched it yet)
What I've done is use restful-authentication and then blend the open_id_authentication plugin into your application. It might help to setup the open_id_authentication plugin on a test app as well, so you can determine the changes you'll need to make to the users table.
The definitive resource should be the rails wiki, although I use should advisedly because things have been changing quite fast when it comes to OpenID support.
Ryan Bates' Railscast on Openid is the best thing I've found to follow. Even though it was recorded with Rails 1.2.3, I've been able to successfully follow the tutorial with Rails 2.1.0. The only point to note is that for:
gem install ruby-openid
I installed 2.1.2, rather than the 1.1.4 used in railscast.
The OpenID plugin used is open_id_authentication, and I tested it in combination with restful_authentication from git://github.com/technoweenie/restful-authentication.git
NB: I subsequently wrote this up in a blog post.
The only gem I know of that supports OpenID Connect (the latest version) is:
https://github.com/nov/openid_connect
However, it has absolutely no documentation. :(
Oddly, this subject doesn't appear to have received much attention from the Rails community since 2007.
The latest trunk of Bort didn't seem to work with Rails 2.3.x, so I forked it and got it working.
I also added some things that I personally use - like yui reset/base, jquery, etc.
The fork is very much still a work in progress, but I hope to provide broad, tested authentication support for restful auth, google auth, facebook connect, twitter, etc.
http://github.com/lukebayes/bort
I have found that using BinaryLogic's Authlogic gems are quite easy and straightforward to use. See Authlogic and its OpenID plugin.
You can download an example application or try it!
Bort now has OpenID included, in addition to restful_authentication.
Keep an eye on Bort. It is a base rails application which already has restful_authentication setup among other things. The guy doing it is planning on adding OpenID.
What is current state of the art for enabling OpenID login in Ruby on Rails applications? This is a community wiki with up-to-date answers to this question.
Authlogic
The most advanced authentication solution seems to be Authlogic. It supports OpenID with Authlogic OpenID plugin. It supports Rails 4 and 3. Rails 2 is supported in the rails2 branch.
You may want to watch "OpenID with Authlogic" railscast (and the "Authlogic" railscast).
There is a sample application called Authlogic OpenID Selector Example.
Devise
Devise is flexible authentication framework for Rails. It supports OpenID with devise_openid_authenticatable.
restful_authentication
Another authentication library of choice is restful_authentication Rails plugin. Seems like you also need to install open_id_authentication plugin.
You may want to watch (old, circa 2007) "OpenID Authentication" railscast.
Ruby OpenID
Raw support for OpenID protocol is handled by Ruby OpenID library.
Check out this Railscast on OpenId for more info. I'm not sure if/how it might work alongside restful_authentication, but might be a good resource. (I haven't watched it yet)
What I've done is use restful-authentication and then blend the open_id_authentication plugin into your application. It might help to setup the open_id_authentication plugin on a test app as well, so you can determine the changes you'll need to make to the users table.
The definitive resource should be the rails wiki, although I use should advisedly because things have been changing quite fast when it comes to OpenID support.
Ryan Bates' Railscast on Openid is the best thing I've found to follow. Even though it was recorded with Rails 1.2.3, I've been able to successfully follow the tutorial with Rails 2.1.0. The only point to note is that for:
gem install ruby-openid
I installed 2.1.2, rather than the 1.1.4 used in railscast.
The OpenID plugin used is open_id_authentication, and I tested it in combination with restful_authentication from git://github.com/technoweenie/restful-authentication.git
NB: I subsequently wrote this up in a blog post.
The only gem I know of that supports OpenID Connect (the latest version) is:
https://github.com/nov/openid_connect
However, it has absolutely no documentation. :(
Oddly, this subject doesn't appear to have received much attention from the Rails community since 2007.
The latest trunk of Bort didn't seem to work with Rails 2.3.x, so I forked it and got it working.
I also added some things that I personally use - like yui reset/base, jquery, etc.
The fork is very much still a work in progress, but I hope to provide broad, tested authentication support for restful auth, google auth, facebook connect, twitter, etc.
http://github.com/lukebayes/bort
I have found that using BinaryLogic's Authlogic gems are quite easy and straightforward to use. See Authlogic and its OpenID plugin.
You can download an example application or try it!
Bort now has OpenID included, in addition to restful_authentication.
Keep an eye on Bort. It is a base rails application which already has restful_authentication setup among other things. The guy doing it is planning on adding OpenID.