This Gem solves the issue of user authentication by allowing users to register for and sign in to an application using existing social media profiles. There is an enormous list of supported 'strategies' (types of third-party profile) [here](https://github.com/intridea/omniauth/wiki/List-of-Strategies).
OmniAuth acts as a go-between for your application and the strategy that will be providing the authentication. It's Rack Middleware, which means that it transmits information between your application and the strategy in a way that is independent from your application logic. As the docs say, it is designed as a "black box" into which you send your application data and receive information without making assumptions about or influencing your application's structure. Its flexible design is also intended to support several auth services in one application.
Different strategies have their own gems, so you may want to explore other (or several!) options.

```ruby
gem 'omniauth-twitter'
```
You will need to create this file.
```ruby
Rails.application.config.middleware.use OmniAuth::Builder do
  # Replace these with the information that you get from your service.
  provider :twitter, 'CONSUMER_KEY', 'CONSUMER_SECRET'
end
```
Note that RailsCasts doesn't include the 'via' section of the code below. 'match' has been deprecated, so include it if you don't want your application to throw errors!
```ruby
match "/auth/:provider/callback" => "sessions#create", :via => [:get], :as => 'new_session'
# Only one :as per route; :signout matches the signout_path helper used in the view.
match "/signout" => "sessions#destroy", :via => [:delete], :as => :signout
```
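```ruby
# In SessionsController
def create
  # OmniAuth places the provider's response in the Rack env.
  auth = request.env["omniauth.auth"]
  # Look the user up by provider + uid, creating the record on first sign-in.
  user = User.find_by_provider_and_uid(auth["provider"], auth["uid"]) || User.create_with_omniauth(auth)
  session[:user_id] = user.id
  redirect_to root_url, :notice => "Signed in!"
end

def destroy
  session[:user_id] = nil
  redirect_to root_url, :notice => "Signed out!"
end
```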
```ruby
# In the User model
def self.create_with_omniauth(auth)
  create! do |user|
    user.provider = auth["provider"]
    user.uid = auth["uid"]
    user.name = auth["info"]["name"]
  end
end
```
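```ruby
# In a controller that the others inherit from, so views can call current_user
helper_method :current_user

private

def current_user
  # Memoize the lookup; returns nil when nobody is signed in.
  @current_user ||= User.find(session[:user_id]) if session[:user_id]
end
```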
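```erb
<% if current_user %>
  Welcome <%= current_user.name %>!
  <%# The signout route only accepts DELETE, so the link must send that verb. %>
  <%= link_to "Sign Out", signout_path, :method => :delete %>
<% else %>
  <%= link_to "Sign in with Twitter", "/auth/twitter" %>
<% end %>
```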
Restart your server and that's it! OmniAuth can also be used in conjunction with your app-specific username and password systems, like we did with bcrypt, or with another gem like Devise. There's a great [RailsCast about that here](http://railscasts.com/episodes/235-omniauth-part-1). Make sure you also watch [Part 2](http://railscasts.com/episodes/236-omniauth-part-2) if you want to go that route.
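
As an added example (not code from the original walkthrough or from the OmniAuth project), the plain-Ruby code below mirrors the `create` action without Rails to show why the user record is keyed on `provider` plus `uid` rather than on the display name, and adds two checks the walkthrough leaves out: rejecting an auth hash that lacks either field, and clearing the pre-login session. `UserStore`, `sign_in`, `InvalidAuth` and the sample hashes are hypothetical names and constructed data.

```ruby
# Added example: plain Ruby, no Rails. UserStore and sign_in are hypothetical
# stand-ins for the User model and SessionsController#create.
User = Struct.new(:id, :provider, :uid, :name)

class UserStore
  def initialize
    @users = {} # keyed on [provider, uid], the only stable identity pair
  end

  def find_or_create(provider, uid, name)
    @users[[provider, uid]] ||= User.new(@users.size + 1, provider, uid, name)
  end

  def count
    @users.size
  end
end

class InvalidAuth < StandardError; end

# Returns the signed-in user, or raises InvalidAuth if the hash is unusable.
def sign_in(store, session, auth)
  raise InvalidAuth, "no auth hash" unless auth.is_a?(Hash)
  provider = auth["provider"].to_s
  uid      = auth["uid"].to_s
  raise InvalidAuth, "missing provider or uid" if provider.empty? || uid.empty?

  info = auth["info"]
  name = info.is_a?(Hash) ? info["name"].to_s : "" # display only, never a lookup key
  user = store.find_or_create(provider, uid, name)

  session.clear # stand-in for Rails' reset_session: drop pre-login state
  session[:user_id] = user.id
  user
end

# Constructed sample auth hashes (shape follows the page: provider, uid, info.name).
TWITTER_ALICE   = { "provider" => "twitter",  "uid" => "1001", "info" => { "name" => "Alice" } }
TWITTER_RENAMED = { "provider" => "twitter",  "uid" => "1001", "info" => { "name" => "Alice B." } }
FACEBOOK_SAME   = { "provider" => "facebook", "uid" => "1001", "info" => { "name" => "Alice" } }
NO_UID          = { "provider" => "twitter",  "info" => { "name" => "Mallory" } }
```

In a Rails controller the same checks go at the top of `create`, with `reset_session` called before `session[:user_id]` is assigned.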
- [OmniAuth Documentation](https://github.com/intridea/omniauth)
- [RailsCasts Simple OmniAuth walkthrough](http://railscasts.com/episodes/241-simple-omniauth) - uses Twitter as the sole means of authentication
Use this callback URL for localhost testing. I didn't have time to test a production app but suspect that this will need to be changed to your hosted application location when you deploy.