Update Gemfile, enable logging

Gemfile

@@ -1,6 +1,22 @@
-source "http://rubygems.org"
+source :rubygems
+gem 'rack', '1.3.6'
+gem 'thin'
+gem 'sinatra'
+gem 'json'
+gem 'omniauth'
+gem 'omniauth-oauth2'
+gem 'activesupport'
+gem 'i18n'
+gem 'rest-client'
 
+# gem 'omniauth-att', :path => File.expand_path("./../../omniauth-att", __FILE__)
+gem 'newrelic_rpm'
+group :example do
+  gem 'omniauth-github'
+  gem 'omniauth-facebook'
+  gem 'omniauth-twitter'
+end
 
-gem 'rake'
-# Specify your gem's dependencies in omniauth-att.gemspec
-gemspec
+group :developent do
+  gem 'shotgun'
+end

Gemfile.lock

@@ -1,17 +1,3 @@
-PATH
-  remote: .
-  specs:
-    omniauth-att (0.2)
-      activesupport
-      i18n
-      omniauth (~> 1.0)
-      omniauth-facebook
-      omniauth-github
-      omniauth-oauth2 (~> 1.0)
-      omniauth-twitter
-      sinatra
-      thin
-
 GEM
   remote: http://rubygems.org/
   specs:
@@ -25,17 +11,12 @@ GEM
       multipart-post (~> 1.1.3)
       rack (>= 1.1.0, < 2)
     hashie (1.2.0)
-    heroku (2.17.0)
-      launchy (>= 0.3.2)
-      rest-client (~> 1.6.1)
-      rubyzip
-      term-ansicolor (~> 1.0.5)
     i18n (0.6.0)
-    launchy (2.0.5)
-      addressable (~> 2.2.6)
+    json (1.6.4)
     mime-types (1.17.2)
     multi_json (1.0.4)
     multipart-post (1.1.4)
+    newrelic_rpm (3.3.1)
     oauth (0.4.5)
     oauth2 (0.5.2)
       faraday (~> 0.7)
@@ -56,20 +37,17 @@ GEM
       omniauth (~> 1.0)
     omniauth-twitter (0.0.7)
       omniauth-oauth (~> 1.0)
-    rack (1.4.0)
+    rack (1.3.6)
     rack-protection (1.2.0)
       rack
-    rake (0.9.2.2)
     rest-client (1.6.7)
       mime-types (>= 1.16)
-    rubyzip (0.9.5)
     shotgun (0.9)
       rack (>= 1.0)
     sinatra (1.3.2)
       rack (~> 1.3, >= 1.3.6)
       rack-protection (~> 1.2)
       tilt (~> 1.3, >= 1.3.3)
-    term-ansicolor (1.0.7)
     thin (1.3.1)
       daemons (>= 1.0.9)
       eventmachine (>= 0.12.6)
@@ -80,7 +58,17 @@ PLATFORMS
   ruby
 
 DEPENDENCIES
-  heroku
-  omniauth-att!
-  rake
+  activesupport
+  i18n
+  json
+  newrelic_rpm
+  omniauth
+  omniauth-facebook
+  omniauth-github
+  omniauth-oauth2
+  omniauth-twitter
+  rack (= 1.3.6)
+  rest-client
   shotgun
+  sinatra
+  thin

README.md

@@ -22,9 +22,7 @@
 
    heroku config:add RACK_ENV=production
    heroku addons:add newrelic  
-   heroku addons:add redistogo:nano
-   heroku addons:add blitz:250
-
+   heroku addons:add redistogo:nano   
 
 # config
 

config.ru

@@ -3,4 +3,6 @@ $LOAD_PATH.unshift(File.join(File.dirname(__FILE__),"lib"))
 require "rubygems"
 require './example/example_omniauth_app.rb'
 
+puts "using  :site => #{ENV['ATT_BASE_DOMAIN']}"
+
 run SinatraApp

example/example_omniauth_app.rb

@@ -10,6 +10,7 @@
 
 class SinatraApp < Sinatra::Base
   configure do
+    set :logging, true
     set :sessions, true
     set :inline_templates, true
   end
@@ -29,14 +30,21 @@ def db
     provider :github, (ENV['GITHUB_CLIENT_ID']||'b6ce639ebd5618ca4d52'), (ENV['GITHUB_CLIENT_SECRET']||'ef8b9abe468c2021d1e829f566091446375ea181')
     provider :facebook, (ENV['FACEBOOK_CLIENT_ID']||'290594154312564'),(ENV['FACEBOOK_CLIENT_SECRET']||'a26bcf9d7e254db82566f31c9d72c94e')
     provider :twitter, 'cO23zABqRXQpkmAXa8MRw', 'TwtroETQ6sEDWW8HEgt0CUWxTavwFcMgAwqHdb0k1M'
-    provider :att, 'client_id', 'client_secret', :callback_url => ENV['BASE_DOMAIN'] || 'http://localhost:9393'
+    provider :att, 'client_id', 'client_secret', :callback_url => "#(ENV['BASE_DOMAIN'] || 'http://localhost:9393')"
   end
 
   get '/' do
-    erb :index
+    url = request.env['REQUEST_URI']
+    url = url[0..-2] if url[-1] == '/'
+    erb "
+    <a href='#{url}/auth/github'>Login with Github</a><br>
+    <a href='#{url}/auth/facebook'>Login with facebook</a><br>
+    <a href='#{url}/auth/twitter'>Login with twitter</a><br>
+    <a href='#{url}/auth/att'>Login with att-foundry</a>"
   end
-
-  get '/auth/:provider/callback' do
+
+
+get '/auth/:provider/callback' do
     db[:access_token] = request.env['omniauth.auth']['credentials']['token']
     erb "<h1>#{params[:provider]}</h1>
          <pre>#{JSON.pretty_generate(request.env['omniauth.auth'])}</pre>"
@@ -58,33 +66,13 @@ def db
   end
 
   get '/doc' do
-    erb <<-EOD
-<h2>Authentication docs page</h2>
-<p>This is a sample application that shows how the authentication mechanism works.</p>
-<p>It is incredibly simple and mimicks the OAuth2 flow. Firstly, the application must have
-a <code>client_id</code> and a <code>client_secret</code>. When the application wants to get 
-an authenticated user, they can simply redirect the user with their <code>client_id</code> and a <code>redirect_uri</code> to
-the foundry auth page at: #{auth_url}/login.
-The foundry auth will take care of the login and redirecting the user back to the <code>redirect_uri</code> (provided it matches the one that the application registered) with a <code>request_token</code>. </p>
-
-<p>It is then up to the application to respond with the <code>request_token</code> to <code>POST</code> to <code>#{auth_url}/auth</code> with the <code>request_token</code>, their <code>client_id</code> and their <code>client_secret</code>, they will get an <code>auth_hash</code> with the user's credentials, uid, some profile information and more. The entire contents of the <code>auth_hash</code> are still up for debate, but will definitely contain the user's info.</p>
-
-<p>When using the ruby language, they can use the Foundry's (soon-to-be) open-sourced <code>omniauth-att</code> library.</p>
-
-<h2>Summary</h2>
-
-<p><code>application -> 302 #{auth_url}/login</code></p>
-<p><code>#{auth_url} 302 -> application/callback?request_token=code</code></p>
-<p><code>application -> POST #{auth_url}/auth?code=code -> {"access_token":"token"}</code></p>
-<p><code>application -> POST #{auth_url}/auth?code=code -> {"access_token":"token"}</code></p>
-    EOD
+    erb :docs
   end
 
   get '/logout' do
     session[:authenticated] = false
-    redirect_to = ENV['BASE_DOMAIN'] || 'http://localhost:9393'
     db[:access_token] = nil
-    redirect auth_url + "/logout?redirect_uri=#{CGI.escape(redirect_to)}"
+    redirect auth_url + "/logout?redirect_uri=#{CGI.escape(base_domain)}"
   end
 
   get '/env' do
@@ -96,13 +84,16 @@ def auth_url
     (ENV['ATT_BASE_DOMAIN'] || 'https://auth.tfoundry.com')
   end
 
+
   def base_domain
-    case ENV['RACK_ENV']
-    when 'production'
-      "https://omniauth-att-example.herokuapp.com"
-    else
-      ENV['BASE_DOMAIN'] || 'http://localhost:9393'
-    end
+    return  'http://localhost:5000'
+    # return ENV['BASE_DOMAIN'] if ENV['BASE_DOMAIN']
+    # case ENV['RACK_ENV']
+    # when 'production'
+    #   "https://omniauth-att-example.herokuapp.com"
+    # else
+    #   'http://localhost:9393'
+    # end
   end
 
 end
@@ -134,7 +125,7 @@ def base_domain
 </html>
 
 @@index
-  <% if db[:access_token] %>
+<% if db[:access_token] %>
   <h4>Hurray! You already have an access token</h4>
   <%= db[:access_token] %>
   Get your profile <a href='/protected'>here</a>
@@ -143,4 +134,26 @@ def base_domain
   <a href='<%= base_domain %>/auth/facebook'>Login with facebook</a><br>
   <a href='<%= base_domain %>/auth/twitter'>Login with twitter</a><br>
   <a href='<%= base_domain %>/auth/att'>Login with att-foundry</a>
-  <% end %>
+  <% end %>
+
+end  
+
+@@docs
+<h2>Authentication docs page</h2>
+<p>This is a sample application that shows how the authentication mechanism works.</p>
+<p>It is incredibly simple and mimicks the OAuth2 flow. Firstly, the application must have
+a <code>client_id</code> and a <code>client_secret</code>. When the application wants to get 
+an authenticated user, they can simply redirect the user with their <code>client_id</code> and a <code>redirect_uri</code> to
+the foundry auth page at: #{auth_url}/login.
+The foundry auth will take care of the login and redirecting the user back to the <code>redirect_uri</code> (provided it matches the one that the application registered) with a <code>request_token</code>. </p>
+
+<p>It is then up to the application to respond with the <code>request_token</code> to <code>POST</code> to <code>#{auth_url}/auth</code> with the <code>request_token</code>, their <code>client_id</code> and their <code>client_secret</code>, they will get an <code>auth_hash</code> with the user's credentials, uid, some profile information and more. The entire contents of the <code>auth_hash</code> are still up for debate, but will definitely contain the user's info.</p>
+
+<p>When using the ruby language, they can use the Foundry's (soon-to-be) open-sourced <code>omniauth-att</code> library.</p>
+
+<h2>Summary</h2>
+
+<p><code>application -> 302 #{auth_url}/login</code></p>
+<p><code>#{auth_url} 302 -> application/callback?request_token=code</code></p>
+<p><code>application -> POST #{auth_url}/auth?code=code -> {"access_token":"token"}</code></p>
+<p><code>application -> POST #{auth_url}/auth?code=code -> {"access_token":"token"}</code></p>

lib/omniauth/strategies/att.rb

@@ -18,11 +18,7 @@ class Att < OmniAuth::Strategies::OAuth2
         :token_url => '/oauth/access_token'
       }
 
-      # These are called after authentication has succeeded. If
-      # possible, you should try to set the UID without making
-      # additional calls (if the user id is returned with the token
-      # or as a URI parameter). This may not be possible with all
-      # providers.
+      # These are called after authentication has succeeded. 
       uid{ raw_info['uid'] }
 
       info do