Based on this article, it seems like SO is using Javascript OpenID Selector (JOIS) to handle OpenID logins in its "view".
I love the simple interface and I would like to use it in a Rails project.
I know that RPX would probably be the easier choice, but I'd like to build this on my own.
Can you help me find answers to a few questions I have?
Has anyone of you already done this
or does anyone know of a good
example?
What setup (combination of
plugins/gems) would you recommend if
I'm using JOIS in my
view?
Is there a JOIS
implementation (or anything similar besides RPX) based on Prototype
instead of JQuery?
Will I need another library besides the Ruby OpenID library
to support all the account providers (OpenID, Google, Yahoo, etc.) supported
by JOIS?
Thank you!
In answer to #4, no. All the options provided by the OpenID Selector are standard OpenID Providers and the ruby OpenID library (I'm assuming you're talking about the Janrain one) supports all of them.
Sorry I can't help you with the rest. I haven't actually used the Ruby library myself for over 3 years.
I made open-selector.com as an alternateive to IdSelector. You're free to check the code and look at it (its just one .js file)
There is really no need to mess with the server side authentication at all, as long as you can submit a form you're good to go.
I used Jquery but mostly for altering CSS attributes and to help node selection, you can easily do this with any other JS framework
If you're talking about a JS solution, it shoudln't matter what technology is behind the website login process (see #2). The OpenID Protocol aims to be provider agnostic so your standard OpenID library should do for any provider supporting OpenID (Google, Yahooo, MySpace, etc)
I helped myself and implemented Javascript OpenID-Selector with Rails (though with JQuery instead of Prototype):
https://github.com/vazqujav/authlogic_openid_selector_example
Related
Related to this question but looking for a more current set of recommendations w/ Rails 4 and Ember.js.
Is it better to use one, versioned API for users to connect via the Ember UI as well as for 'applications' to use w/ an API key or something? Or would it be better to create two, distinct APIs for this? (i.e. two sets of controllers that have the appropriate restrictions.)
The first is more desirable = less work.
The second just seems to solve problems handling authentication via Devise or the API key, etc.
I know there isn't an objective answer to this so I beg everyone's pardon in advance. I appreciate all reasoned input.
There are probably some situations where it might make sense to have two separate APIs but if your only reason is for authentication, I don't think it would make sense.
You should look into something like Doorkeeper that allows you to act as an Oauth2 provider, similar to Twitter, Facebook, and Google. Doorkeeper can be used with Devise and allows you to create both user specific access tokens as well as create applications which have their own access tokens.
There's also a Railscast about using Doorkeeper.
We have a website, and want to allow users on the site to chat with the providers (if they are online). To make it as simple as possible, we'd either ask the providers for their Google Voice/AIM username or just ask them to have our website open.
Any ideas on best ways to implement this (we are using HTML5/CSS3/RoR3 and don't support old browsers) or even better, perhaps a solution out there that does this. To my knowledge, olark, livechat, etc don't provide this...
FYI: I prefer an open source solution vs. building it myself.
There was a recent railscast regarding messaging where Ryan built a chat program with push support (not polling). Seems a decent place to start if your requirements are easy going:
http://railscasts.com/episodes/260-messaging-with-faye
This question aims to understand RoR and frameworks in general. It looks like RoR never had any standard user authentication system. Was it just historical reason (just happened naturally as it did)... or could it be intentional? Because RoR is a website building tool, more often than not, user authentication is a crucial part of a website.
To put it into perspective, another question is, do other popular frameworks, Django, Symfony, CakePHP, have user authentication built in?
There is no reasonably generic way to do user authentication. Most frameworks leave it up to you to choose the plugin that most closely matches what you're trying to accomplish.
For example, consider these two situations:
a blog which has a single administrator with password-protected admin-facing tools
a site like YouTube which allows users to sign up and administer their own content
Both of these sites would require vastly different authentication systems; which of these systems should Rails cater to out-of-the-box?
The Rails core team wanted to ensure that Rails was open-ended enough to make anything you want. There is no one-size-fits-all authentication scheme, so the core team decided to leave it out. Rails is easily extendable via gems and plugins, so that is where they belong.
Some examples are Warden and the Rails Warden plugin, Devise, Authlogic, and Restful Authentication.
CakePHP has a built in Authentication component that is pretty straight forward and easy to implement.
Most of these frameworks you mentioned are toolkits, not complete products. You build these things yourself, or leverage plugins from the community. Django's admin plugin/module has authentication out of the box though. Drupal does too, as a matter of fact.
Authentication can be(and is in my opinion) a matter of taste and need. If Rails was including things like that, it would start to become a website and not a framework. The programmer has to be free to choose among various implementations. That is why gems are available.
I've been programming a little in Rails and CakePHP, and I can say that Rails doesn't need to provide a mechanism like this. The community is very very good, and there are many examples (already said, like Devise, Authlogic...) made by very good programmers. Of course, there are many tutorials online (and also, railscasts, which are simply awesome) to program a succesful set-up for your project. So, if we have all of this, why should we need something like cakePHP mechanism? It's OK, it works, but there's just a very good tutorial and that's all( and maybe enough..). So, in the end, if u have a nice community you shouldn't care about the core of the technology, there will be always someone else more experienced with your needs that will do it for you. And if you don't find it, do it by yourself and in the proccess you will find a lot of help! :)
I'm looking to build an application that handles authentication and authorization for a variety of smaller apps that may or may not be rails applications (e.g. some with sinatra, some with non-ruby frameworks, etc). These applications will be on separate domains.
Can I do this with Authlogic? I do not want to setup a rails application for each application, just use a central authenticator. I'm sure as I start reading and working the answer would become evident, but I'm trying to avoid a dead end (doing work and research, then finding out this can't be done.)
From what I've read this is a use case, and I'm looking for input from people who've done similar. This is at the idea stage so if i can offer more detail, let me know.
I think you are planning to build a cross domain, single sign-on service. Besides building your own, there are a quite a few project that do this out of the box.
rubycas is one of them : http://code.google.com/p/rubycas-server/
You could also look into open Id (http://openid.net), where the login functionality is done by a third party authentication server.
In case you want to roll your own:
It doesn't really matter which authentication plugin/system you will use. (I would choose devise/warden, but Authlogic will do just fine). Instead you need to focus on understanding the security problems and the http interaction between your service, the browser and the application for which authentication is used. I think it's doable, but you need to know what you are doing.
Today, the cool kids use warden, or the railsy thingy devise.
Im not sure but i think you cant use authlogic with a non-ruby-app.
I would probably go with Devise as well but you should look into some plugins for it like JanRain's Engage (used to be RPX Now). It allows you to use quite a few social login options (Facebook, Twitter, etc.) http://www.janrain.com/products/engage.
Ryan Bates from Railscasts.com just posted an episode on Devise using Engage this morning. http://railscasts.com/episodes/233-engage-with-devise
There are some more episodes about Devise on Railscasts too. http://railscasts.com/episodes?search=devise
If I were you I wouldn't reinvent the wheel. I'd use a third party service to authenticate and just get on with the project. Social connectors such as Engage will provide this functionality for you without all the time and expertise.
I am new to this community, but I am working on a site that requires implementation of a user/password/register check upon entry, which would check against a database, or write to the database, in the case of registration. I have experience with XHTML and CSS, and just discovered RoR. I honestly have very little insight into how to achieve my goal using just XHTML, so I decided to learn Ruby, taking a shot in the dark. I'm wondering if there's an easier language, or more direct fix that I should be implementing instead. Any thoughts?
I would recommend looking at Restful Authentication.
Also, for good code examples in general, have a look at Altered Beast. It's a forum built in Ruby on Rails and it uses Restful Authentication.
Are you looking for information on how to implement user authentication in Rails? You could try acts_as_authenticated.
Check out the book called Agile Web Development with rails. It has two parts, a step-by-step walkthrough of creating an application, and a reference section on rails. I recently started a contract job where I chose RoR as my framework without any experience in it. This book has been an immense resource to teach me Ruby on Rails. It also specifically teaches how to implement the authorization you are talking about.