What is current state of the art for enabling OpenID login in Ruby on Rails applications? This is a community wiki with up-to-date answers to this question.
Authlogic
The most advanced authentication solution seems to be Authlogic. It supports OpenID with Authlogic OpenID plugin. It supports Rails 4 and 3. Rails 2 is supported in the rails2 branch.
You may want to watch "OpenID with Authlogic" railscast (and the "Authlogic" railscast).
There is a sample application called Authlogic OpenID Selector Example.
Devise
Devise is flexible authentication framework for Rails. It supports OpenID with devise_openid_authenticatable.
restful_authentication
Another authentication library of choice is restful_authentication Rails plugin. Seems like you also need to install open_id_authentication plugin.
You may want to watch (old, circa 2007) "OpenID Authentication" railscast.
Ruby OpenID
Raw support for OpenID protocol is handled by Ruby OpenID library.
Check out this Railscast on OpenId for more info. I'm not sure if/how it might work alongside restful_authentication, but might be a good resource. (I haven't watched it yet)
What I've done is use restful-authentication and then blend the open_id_authentication plugin into your application. It might help to setup the open_id_authentication plugin on a test app as well, so you can determine the changes you'll need to make to the users table.
The definitive resource should be the rails wiki, although I use should advisedly because things have been changing quite fast when it comes to OpenID support.
Ryan Bates' Railscast on Openid is the best thing I've found to follow. Even though it was recorded with Rails 1.2.3, I've been able to successfully follow the tutorial with Rails 2.1.0. The only point to note is that for:
gem install ruby-openid
I installed 2.1.2, rather than the 1.1.4 used in railscast.
The OpenID plugin used is open_id_authentication, and I tested it in combination with restful_authentication from git://github.com/technoweenie/restful-authentication.git
NB: I subsequently wrote this up in a blog post.
The only gem I know of that supports OpenID Connect (the latest version) is:
https://github.com/nov/openid_connect
However, it has absolutely no documentation. :(
Oddly, this subject doesn't appear to have received much attention from the Rails community since 2007.
The latest trunk of Bort didn't seem to work with Rails 2.3.x, so I forked it and got it working.
I also added some things that I personally use - like yui reset/base, jquery, etc.
The fork is very much still a work in progress, but I hope to provide broad, tested authentication support for restful auth, google auth, facebook connect, twitter, etc.
http://github.com/lukebayes/bort
I have found that using BinaryLogic's Authlogic gems are quite easy and straightforward to use. See Authlogic and its OpenID plugin.
You can download an example application or try it!
Bort now has OpenID included, in addition to restful_authentication.
Keep an eye on Bort. It is a base rails application which already has restful_authentication setup among other things. The guy doing it is planning on adding OpenID.
Related
I am developing an API in Ruby on Rails 3 and I would like to secure it with Oauth2.
In other words, I need to create an Oauth provider. Is there a working gem for Rails 3 out there or perhaps a tutorial on the issue?
UPDATE
I know Rails are REST based so I find it very strange that there are no tutorials on how to create a public API and secure it. Does anyone know of any good tutorials. Preferable with oAuth.
Thankful for all help!!
Check out this gem https://github.com/applicake/doorkeeper
It is for Rails 3, the development it's early stages though.
There's also an example app that you take a look and see how the API is done.
http://doorkeeper-provider.herokuapp.com/
I've opensourced an OAuth2 server implementation yesterday.
It's well documented and there is a dashboard to control accesses. Right now I'm searching for somebody who wants to build an engine starting from it, or something cool on top of rack. That's why it is open-source.
https://github.com/intridea/oauth2 is the canonical gem right now for OAuth2 dev. If you are looking for a more complete solution, instead of rolling your own provider code, check out:
https://github.com/songkick/oauth2-provider
https://github.com/freerange/oauth2-provider
But I suggest messing around with the oauth2 gem if you aren't very familiar with the flow so that you can learn it better.
If you are using (or planning to use) devise for authentication, you can use https://github.com/socialcast/devise_oauth2_providable as plugin.
I'm developing a rugygem for OAuth2 provider, Rack::OAuth2.
https://github.com/nov/rack-oauth2
It requires to develop models (token, code, client etc) by yourself, but you can get a whole Rails3 sample OAuth2 server here.
https://github.com/nov/rack-oauth2-sample
I'm looking to implement an OAuth2 provider, too! I'm currently experimenting with this https://github.com/assaf/rack-oauth2-server, which seems to be a full-featured OAuth2 server, though it still supports only MongoDB, although implementing support for other DBMS seems simple enough. I am also looking at some of the other options posted here, lots of promising stuff!
"Doorkeeper is a gem that makes it easy to introduce OAuth 2 provider functionality to your application."
https://github.com/applicake/doorkeeper
we're developing a Facebook Canvas App in Rails 2.3.8, we tried a couple of gems out there and for now we're using mini_fb but it's not really well documented and we're having some issue with the authentication/authorization process, and more importantly we couldn't find a tutorial on how integrate cucumber.
I know there're plenty of options out there: facebooker (too old?), oauth2 gem, omniauth, mogli and so on.
What we ideally need is:
Support for Canvas/iFrame app (not just Facebook connect)
Support for the new OAuth 2.0 for Canvas (beta) facebook docs & for the old REST API as well
Documentation (very hard to find, also cause Facebook API are in first place not so extensively documentend, especially for Ruby)
Support/Documentation/Tutorials for Cucumber integration
Cover basic API features like Wall posting, Friends handling ...
What's the best option in your opinion/past experience?
Thank you guys,
Leo
Take a look at Koala...
https://github.com/arsduo/koala/
Very well documented and maintained.
Works with Ruby 1.8/1.9 & Rails 2/3
Im starting to learn RoR and i want to make my personal blog in this language. I usually code a couple of prototypes on top of whatever im doing in my blog. So i would like people to be able to log in, and register with their openID. So i was about to jump to the coding place when i realized the concept of gems and all that stuff is giving you tools for this kind of things.
So is there some kind of package to manage users, profiles and openId?
check out technoweeni's restful-authentication plugin
I'd advise you to look at bort as a complete RoR skeletton app with RESTful auth builtin, one of its fork here or at AuthLogic a less intrusive auth solution for Rails (and Merb and some others).
Take a look at the bort skeleton app. It has restful auth and openid authentication already setup among other things.
Railscasts also has a number of screencasts about setting up authentication, restful authentication and OpenID.
One thing you want to be aware of to avoid hours of headache: the Ruby OpenID library changed substantially with OpenID 2.0, so if you're using a plugin or example code from a blog, be sure you're using the version of OpenID to which it corresponds.
There are several plugins; one with lot of activity is open_id_authentication.
Dan Webb has a good guide to OpenID authentication in Rails that walks you through writing the actual code, but note that, at least last I checked, it hadn't been updated for OpenID 2.0.
I see a similar question for Ubuntu, but I'm interested in hosting my own OpenID provider through my Rails-based site that already has an identity and authentication system in place.
Note that I'm not looking for the delegate method to use the site as an OpenID.
What's the best way to do this properly?
This "No Shit Guide To Supporting OpenID In Your Applications"
seems to be a step-by-step tutorial for what you want to do.
Railscasts episode 68 OpenID authentication describes how to do exactly this. It's about a year old, so you may have to do some stuff differently. I'd also strongly for either an updated or newer OpenID plugin (the link for the one in the video is labeled "outdated").
Err, wait, that is to support OpenID authentication in a Rails application you are writing, not to have run an OpenID endpoint in rails.. Here is a guide to implimenting an OpenID server/endpoint in Rails pretty-much form scratch.. gem install openid-server might be easier, but you'll learn more implementing it yourself, and the code is pretty simple.
This reminds me that the overview docs for ruby-openid server are still missing. But you can see the example, and until the docs are ported over, see the docs for the python implementation which follows the same object model.
What is current state of the art for enabling OpenID login in Ruby on Rails applications? This is a community wiki with up-to-date answers to this question.
Authlogic
The most advanced authentication solution seems to be Authlogic. It supports OpenID with Authlogic OpenID plugin. It supports Rails 4 and 3. Rails 2 is supported in the rails2 branch.
You may want to watch "OpenID with Authlogic" railscast (and the "Authlogic" railscast).
There is a sample application called Authlogic OpenID Selector Example.
Devise
Devise is flexible authentication framework for Rails. It supports OpenID with devise_openid_authenticatable.
restful_authentication
Another authentication library of choice is restful_authentication Rails plugin. Seems like you also need to install open_id_authentication plugin.
You may want to watch (old, circa 2007) "OpenID Authentication" railscast.
Ruby OpenID
Raw support for OpenID protocol is handled by Ruby OpenID library.
Check out this Railscast on OpenId for more info. I'm not sure if/how it might work alongside restful_authentication, but might be a good resource. (I haven't watched it yet)
What I've done is use restful-authentication and then blend the open_id_authentication plugin into your application. It might help to setup the open_id_authentication plugin on a test app as well, so you can determine the changes you'll need to make to the users table.
The definitive resource should be the rails wiki, although I use should advisedly because things have been changing quite fast when it comes to OpenID support.
Ryan Bates' Railscast on Openid is the best thing I've found to follow. Even though it was recorded with Rails 1.2.3, I've been able to successfully follow the tutorial with Rails 2.1.0. The only point to note is that for:
gem install ruby-openid
I installed 2.1.2, rather than the 1.1.4 used in railscast.
The OpenID plugin used is open_id_authentication, and I tested it in combination with restful_authentication from git://github.com/technoweenie/restful-authentication.git
NB: I subsequently wrote this up in a blog post.
The only gem I know of that supports OpenID Connect (the latest version) is:
https://github.com/nov/openid_connect
However, it has absolutely no documentation. :(
Oddly, this subject doesn't appear to have received much attention from the Rails community since 2007.
The latest trunk of Bort didn't seem to work with Rails 2.3.x, so I forked it and got it working.
I also added some things that I personally use - like yui reset/base, jquery, etc.
The fork is very much still a work in progress, but I hope to provide broad, tested authentication support for restful auth, google auth, facebook connect, twitter, etc.
http://github.com/lukebayes/bort
I have found that using BinaryLogic's Authlogic gems are quite easy and straightforward to use. See Authlogic and its OpenID plugin.
You can download an example application or try it!
Bort now has OpenID included, in addition to restful_authentication.
Keep an eye on Bort. It is a base rails application which already has restful_authentication setup among other things. The guy doing it is planning on adding OpenID.