8c132b7a66ae6de34a92044f4285938bfa87784d
all branches
- 1.0_dev
- gh-pages
- legacy
- master
- twitterdispatch
all tags
- v0.1.22
- v0.1.21
- v0.1.20
- v0.1.18
- v0.1.17
- v0.1.16
- v0.1.15
- v0.1.14
- v0.1.13
- v0.1.12
- v0.1.11
- v0.1.10
- v0.1.9
- v0.1.8
- v0.1.7
- v0.1.5
- v0.1.3
- v0.1.1
- v0.0.2
- v0.0.1

mbleigh / twitter-auth

284

Description:	Standard authentication stack for Rails using Twitter to log in. edit
Homepage:	edit
Public Clone URL:	git://github.com/mbleigh/twitter-auth.git Give this clone URL to anyone. `git clone git://github.com/mbleigh/twitter-auth.git`
Your Clone URL:	git@github.com:mbleigh/twitter-auth.git Use this clone URL yourself. `git clone git@github.com:mbleigh/twitter-auth.git`

Click here to lend your support to: twitter-auth and make a donation at www.pledgie.com !

Updating changelog.

mbleigh (author)

Fri Jun 19 17:05:06 -0700 2009

commit 8c132b7a66ae6de34a92044f4285938bfa87784d
tree 57e2dc0255de7389e20e9b64f4229a639cffdc22
parent 2bf33a281c0db47f02b86986ad5c45e98aeed485

twitter-auth /

name	age	history message
.gitignore	Thu Mar 19 23:35:41 -0700 2009	Ignore /pkg [mbleigh]
CHANGELOG.markdown	Fri Jun 19 17:05:06 -0700 2009	Updating changelog. [mbleigh]
README.markdown	Fri Apr 17 19:26:24 -0700 2009	Updated README again. [mbleigh]
Rakefile	Fri Apr 17 19:30:47 -0700 2009	Cleaning up the commit list. [mbleigh]
VERSION.yml	Fri Jun 19 17:04:24 -0700 2009	Version bump to 0.1.22 [mbleigh]
app/	Tue Jun 16 19:38:20 -0700 2009	OAuth 1.0a (requires oauth gem 0.3.5) [Wynn Netherland]
config/	Wed Mar 18 16:27:34 -0700 2009	Added logout, meaning that the full authenticat... [mbleigh]
generators/		Loading commit data...
init.rb	Mon Mar 16 10:41:24 -0700 2009	Adding things to 1.0_dev [mbleigh]
lib/	Tue Jun 16 19:38:20 -0700 2009	OAuth 1.0a (requires oauth gem 0.3.5) [Wynn Netherland]
rails/	Thu Mar 19 23:34:58 -0700 2009	Added Jeweler task. [mbleigh]
spec/	Thu May 07 09:52:32 -0700 2009	Small change to fix a broken logout spec. [mbleigh]
twitter-auth.gemspec

README.markdown

TwitterAuth

TwitterAuth aims to provide a complete authentication and API access solution for creating Twitter applications in Rails. It provides a generator and all of the necessary components to use Twitter as the sole authentication provider for an application using either Twitter's OAuth or HTTP Basic authentication strategies.

Installation

You can include TwitterAuth as a gem in your project like so:

config.gem 'twitter-auth', :lib => 'twitter_auth'

Or you can install it as a traditional Rails plugin:

script/plugin install git://github.com/mbleigh/twitter-auth.git

Note that because TwitterAuth utilizes Rails Engines functionality introduced in Rails 2.3, it will not work with earlier versions of Rails.

NOTE: TwitterAuth requires Rails version 2.3 or later because it makes extensive use of the new support for Rails Engines. Previous versions of Rails are not supported.

Usage

To utilize TwitterAuth in your application you will need to run the generator:

script/generate twitter_auth [--oauth (default) | --basic]

This will generate a migration as well as set up the stubs needed to use the Rails Engines controllers and models set up by TwitterAuth. It will also create a User class that inherits from TwitterUser, abstracting away all of the Twitter authentication functionality and leaving you a blank slate to work with for your application.

Finally, it will create a configuration file in config/twitter_auth.yml in which you should input your OAuth consumer key and secret (if using the OAuth strategy) as well as a custom callback for development (the oauth_callback option is where Twitter will send the browser after authentication is complete. If you leave it blank Twitter will send it to the URL set up when you registered your application).

Sign in with Twitter

Twitter recently implemented a convenience layer on top of OAuth called Sign in with Twitter. TwitterAuth makes use of this by default in newly generated applications by setting the authorize_path in twitter_auth.yml.

If you already have an application utilizing TwitterAuth that you would like to utilize the new system, simply add this line to your twitter_auth.yml in each environment:

authorize_path: "/oauth/authenticate"

Usage Basics

If you need more information about how to use OAuth with Twitter, please visit Twitter's OAuth FAQ.

TwitterAuth borrows heavily from Restful Authentication for its API because it's simple and well-known. Here are some of the familiar methods that are available:

login_required: a before filter that can be added to a controller to require that a user logs in before he/she can view the page.
current_user: returns the logged in user if one exists, otherwise returns nil.
logged_in?: true if logged in, false otherwise.
redirect_back_or_default(url): redirects to the location where store_location was last called or the specified default URL.
store_location: store the current URL for returning to when a redirect_back_or_default is called.
authorized?: override this to add fine-grained access control for when login_required is already called.

Accessing the Twitter API

Obviously if you're using Twitter as an authentication strategy you probably have interest in accessing Twitter API information as well. Because I wasn't really satisfied with either of the popular Twitter API Ruby libraries (Twitter4R and Twitter) and also because neither support OAuth (yet), I decided to go with a simple, dependency-free API implementation.

The User class will have a twitter method that provides a generic dispatcher with HTTP verb commands available (get, put, post, and delete). These are automatically initialized to the base_url you specified in the twitter_auth.yml file, so you need only specify a path. Additionally, it will automatically append a .json extension and parse the JSON if you don't provide (it returns strings for XML because, well, I don't like XML and don't feel like parsing it).

# This code will work with the OAuth and Basic strategies alike.
user = User.find_by_login('mbleigh')

user.twitter.get('/account/verify_credentials')
# => {'screen_name' => 'mbleigh', 'name' => 'Michael Bleigh' ... }

user.twitter.post('/statuses/update.json', 'status' => 'This is my status.')
# => {"user"=>{"login" => "mbleigh" ... }, "text"=>"This is my status.", "id"=>1234567890 ... }

If Twitter returns something other than a 200 response code, TwitterAuth will catch it and try to raise a salient error message. The exception class is TwitterAuth::Dispatcher::Error if you're in the mood to catch it.

This area of the code is still a little raw, but hopefully will evolve to be a little more user-friendly as TwitterAuth matures. In the meantime, it's a perfectly workable foundation library, and the fact that it works the same with OAuth and HTTP Basic makes it all the better!

Customizing TwitterAuth

There are a number of hooks to extend the functionality of TwitterAuth. Here is a brief description of each of them.

Controller Methods

TwitterAuth provides some default controller methods that may be overridden in your ApplicationController to behave differently.

authentication_failed(message): called when Twitter authorization has failed during the process. By default, simply redirects to the site root and sets the flash[:error].
authentication_succeeded(message=default): called when Twitter authorization has completed successfully. By default, simply redirects to the site root and sets the flash[:notice].
access_denied: what happens when the login_required before filter fails. By default it stores the current location to return to and redirects to the login process.

Tips and Tricks

If you are getting an OpenSSL::SSL:SSLError (certificate verify failed) you may want to see this ticket and comments.

Resources

Bug Reports: See the Issues Page to report any problems you have using TwitterAuth.
Blog Post: The original blog post about TwitterAuth has a tutorial as well to get you started.
GitHub Pages: TwitterAuth has a simple GitHub page

Copyright

TwitterAuth is not affiliated with Twitter, Inc.