Im starting to learn RoR and i want to make my personal blog in this language. I usually code a couple of prototypes on top of whatever im doing in my blog. So i would like people to be able to log in, and register with their openID. So i was about to jump to the coding place when i realized the concept of gems and all that stuff is giving you tools for this kind of things.
So is there some kind of package to manage users, profiles and openId?
check out technoweeni's restful-authentication plugin
I'd advise you to look at bort as a complete RoR skeletton app with RESTful auth builtin, one of its fork here or at AuthLogic a less intrusive auth solution for Rails (and Merb and some others).
Take a look at the bort skeleton app. It has restful auth and openid authentication already setup among other things.
Railscasts also has a number of screencasts about setting up authentication, restful authentication and OpenID.
One thing you want to be aware of to avoid hours of headache: the Ruby OpenID library changed substantially with OpenID 2.0, so if you're using a plugin or example code from a blog, be sure you're using the version of OpenID to which it corresponds.
There are several plugins; one with lot of activity is open_id_authentication.
Dan Webb has a good guide to OpenID authentication in Rails that walks you through writing the actual code, but note that, at least last I checked, it hadn't been updated for OpenID 2.0.
Related
We need to have basic authentication in our Rails 3 app but the requirements are to also integrate with providers such as facebook, linked in, google apps, twitter, etc.
We are looking at:
Clearance
Divise
AuthLogic
... and others.
Any advice on which one to use that provides most of what we need?
OmniAuth is great for plugging in to third party authentication:
Code: https://github.com/intridea/omniauth
http://railscasts.com/episodes/235-omniauth-part-1
and
http://railscasts.com/episodes/236-omniauth-part-2
The above railscasts are great resources for a simple overview of using OmniAuth.
Devise is the current top dog, as it sets up sensible defaults, and makes it remarkably easy to override parts of the authentication system without affecting the rest.
It also has a branch and instructions to easily support OmniAuth for OAuth/OpenID authentication: https://github.com/plataformatec/devise/wiki/OmniAuth:-Overview
I'm not experienced with either of these gems but I came across this blog post that had some high level points comparing Devise and Authlogic. http://www.quora.com/Ruby-on-Rails/How-should-I-choose-an-authentication-gem
This one persuaded me to start with Authlogic:
When a user logs in I like to set a cookie that has the username so I can access it from JavaScript. I know how to do this with Authlogic: add a line of code to UserSessionsController#create. How do I do it with Devise? I can't see how. (I don't want to do it on every page request. Just when they authenticate.)
You can give a shot to Sorcery gem which nicely handle third party authentification.
I found it easy to learn and to implement, and it's well documented too.
I don't try the other gems but this one is growing very fast right now, despite the fact that it's not an very old project
Good luck!!!
I am developing an API in Ruby on Rails 3 and I would like to secure it with Oauth2.
In other words, I need to create an Oauth provider. Is there a working gem for Rails 3 out there or perhaps a tutorial on the issue?
UPDATE
I know Rails are REST based so I find it very strange that there are no tutorials on how to create a public API and secure it. Does anyone know of any good tutorials. Preferable with oAuth.
Thankful for all help!!
Check out this gem https://github.com/applicake/doorkeeper
It is for Rails 3, the development it's early stages though.
There's also an example app that you take a look and see how the API is done.
http://doorkeeper-provider.herokuapp.com/
I've opensourced an OAuth2 server implementation yesterday.
It's well documented and there is a dashboard to control accesses. Right now I'm searching for somebody who wants to build an engine starting from it, or something cool on top of rack. That's why it is open-source.
https://github.com/intridea/oauth2 is the canonical gem right now for OAuth2 dev. If you are looking for a more complete solution, instead of rolling your own provider code, check out:
https://github.com/songkick/oauth2-provider
https://github.com/freerange/oauth2-provider
But I suggest messing around with the oauth2 gem if you aren't very familiar with the flow so that you can learn it better.
If you are using (or planning to use) devise for authentication, you can use https://github.com/socialcast/devise_oauth2_providable as plugin.
I'm developing a rugygem for OAuth2 provider, Rack::OAuth2.
https://github.com/nov/rack-oauth2
It requires to develop models (token, code, client etc) by yourself, but you can get a whole Rails3 sample OAuth2 server here.
https://github.com/nov/rack-oauth2-sample
I'm looking to implement an OAuth2 provider, too! I'm currently experimenting with this https://github.com/assaf/rack-oauth2-server, which seems to be a full-featured OAuth2 server, though it still supports only MongoDB, although implementing support for other DBMS seems simple enough. I am also looking at some of the other options posted here, lots of promising stuff!
"Doorkeeper is a gem that makes it easy to introduce OAuth 2 provider functionality to your application."
https://github.com/applicake/doorkeeper
I see a similar question for Ubuntu, but I'm interested in hosting my own OpenID provider through my Rails-based site that already has an identity and authentication system in place.
Note that I'm not looking for the delegate method to use the site as an OpenID.
What's the best way to do this properly?
This "No Shit Guide To Supporting OpenID In Your Applications"
seems to be a step-by-step tutorial for what you want to do.
Railscasts episode 68 OpenID authentication describes how to do exactly this. It's about a year old, so you may have to do some stuff differently. I'd also strongly for either an updated or newer OpenID plugin (the link for the one in the video is labeled "outdated").
Err, wait, that is to support OpenID authentication in a Rails application you are writing, not to have run an OpenID endpoint in rails.. Here is a guide to implimenting an OpenID server/endpoint in Rails pretty-much form scratch.. gem install openid-server might be easier, but you'll learn more implementing it yourself, and the code is pretty simple.
This reminds me that the overview docs for ruby-openid server are still missing. But you can see the example, and until the docs are ported over, see the docs for the python implementation which follows the same object model.
What is current state of the art for enabling OpenID login in Ruby on Rails applications? This is a community wiki with up-to-date answers to this question.
Authlogic
The most advanced authentication solution seems to be Authlogic. It supports OpenID with Authlogic OpenID plugin. It supports Rails 4 and 3. Rails 2 is supported in the rails2 branch.
You may want to watch "OpenID with Authlogic" railscast (and the "Authlogic" railscast).
There is a sample application called Authlogic OpenID Selector Example.
Devise
Devise is flexible authentication framework for Rails. It supports OpenID with devise_openid_authenticatable.
restful_authentication
Another authentication library of choice is restful_authentication Rails plugin. Seems like you also need to install open_id_authentication plugin.
You may want to watch (old, circa 2007) "OpenID Authentication" railscast.
Ruby OpenID
Raw support for OpenID protocol is handled by Ruby OpenID library.
Check out this Railscast on OpenId for more info. I'm not sure if/how it might work alongside restful_authentication, but might be a good resource. (I haven't watched it yet)
What I've done is use restful-authentication and then blend the open_id_authentication plugin into your application. It might help to setup the open_id_authentication plugin on a test app as well, so you can determine the changes you'll need to make to the users table.
The definitive resource should be the rails wiki, although I use should advisedly because things have been changing quite fast when it comes to OpenID support.
Ryan Bates' Railscast on Openid is the best thing I've found to follow. Even though it was recorded with Rails 1.2.3, I've been able to successfully follow the tutorial with Rails 2.1.0. The only point to note is that for:
gem install ruby-openid
I installed 2.1.2, rather than the 1.1.4 used in railscast.
The OpenID plugin used is open_id_authentication, and I tested it in combination with restful_authentication from git://github.com/technoweenie/restful-authentication.git
NB: I subsequently wrote this up in a blog post.
The only gem I know of that supports OpenID Connect (the latest version) is:
https://github.com/nov/openid_connect
However, it has absolutely no documentation. :(
Oddly, this subject doesn't appear to have received much attention from the Rails community since 2007.
The latest trunk of Bort didn't seem to work with Rails 2.3.x, so I forked it and got it working.
I also added some things that I personally use - like yui reset/base, jquery, etc.
The fork is very much still a work in progress, but I hope to provide broad, tested authentication support for restful auth, google auth, facebook connect, twitter, etc.
http://github.com/lukebayes/bort
I have found that using BinaryLogic's Authlogic gems are quite easy and straightforward to use. See Authlogic and its OpenID plugin.
You can download an example application or try it!
Bort now has OpenID included, in addition to restful_authentication.
Keep an eye on Bort. It is a base rails application which already has restful_authentication setup among other things. The guy doing it is planning on adding OpenID.
What is current state of the art for enabling OpenID login in Ruby on Rails applications? This is a community wiki with up-to-date answers to this question.
Authlogic
The most advanced authentication solution seems to be Authlogic. It supports OpenID with Authlogic OpenID plugin. It supports Rails 4 and 3. Rails 2 is supported in the rails2 branch.
You may want to watch "OpenID with Authlogic" railscast (and the "Authlogic" railscast).
There is a sample application called Authlogic OpenID Selector Example.
Devise
Devise is flexible authentication framework for Rails. It supports OpenID with devise_openid_authenticatable.
restful_authentication
Another authentication library of choice is restful_authentication Rails plugin. Seems like you also need to install open_id_authentication plugin.
You may want to watch (old, circa 2007) "OpenID Authentication" railscast.
Ruby OpenID
Raw support for OpenID protocol is handled by Ruby OpenID library.
Check out this Railscast on OpenId for more info. I'm not sure if/how it might work alongside restful_authentication, but might be a good resource. (I haven't watched it yet)
What I've done is use restful-authentication and then blend the open_id_authentication plugin into your application. It might help to setup the open_id_authentication plugin on a test app as well, so you can determine the changes you'll need to make to the users table.
The definitive resource should be the rails wiki, although I use should advisedly because things have been changing quite fast when it comes to OpenID support.
Ryan Bates' Railscast on Openid is the best thing I've found to follow. Even though it was recorded with Rails 1.2.3, I've been able to successfully follow the tutorial with Rails 2.1.0. The only point to note is that for:
gem install ruby-openid
I installed 2.1.2, rather than the 1.1.4 used in railscast.
The OpenID plugin used is open_id_authentication, and I tested it in combination with restful_authentication from git://github.com/technoweenie/restful-authentication.git
NB: I subsequently wrote this up in a blog post.
The only gem I know of that supports OpenID Connect (the latest version) is:
https://github.com/nov/openid_connect
However, it has absolutely no documentation. :(
Oddly, this subject doesn't appear to have received much attention from the Rails community since 2007.
The latest trunk of Bort didn't seem to work with Rails 2.3.x, so I forked it and got it working.
I also added some things that I personally use - like yui reset/base, jquery, etc.
The fork is very much still a work in progress, but I hope to provide broad, tested authentication support for restful auth, google auth, facebook connect, twitter, etc.
http://github.com/lukebayes/bort
I have found that using BinaryLogic's Authlogic gems are quite easy and straightforward to use. See Authlogic and its OpenID plugin.
You can download an example application or try it!
Bort now has OpenID included, in addition to restful_authentication.
Keep an eye on Bort. It is a base rails application which already has restful_authentication setup among other things. The guy doing it is planning on adding OpenID.