Skip to content

Using devise_openid_authenticatable with Heroku and Google Federated Login

Jump to bottom Edit New page
sshefer edited this page Sep 29, 2010 · 1 revision

Google Federated Login and Setup

Google Apps has been growing in popularity among small business. As the primary email and calendar solution it's nice to use Google's Federated Login for your app's authentication to keep user management low for you and allow users to keep their password/id the same. Using this in conjunction with devise allows you to add database authentication if certain users need it (or if you have to migrate later) as well as use Devise's extensions and helper methods.

Learn more about Google Federated Login

Gems You'll Need

Rails Setup

Make sure to follow the setup instructions for each gem carefully. The following steps build on those instructions and are intended for Rails 3.

  • Require 'gapps_openid' in your application.rb
  • Make your identity url "https://www.google.com/accounts/o8/site-xrds?hd=YOURDOMAIN.COM"
  • Since the process for creating a user will wait on the request you will have to change the way user creation was described in the devise_openid_authenticatable gem. The following steps will create the user and also fill in their first and last name. You can read more about the attributes and parameters here:
  def self.create_from_identity_url(identity_url)
    User.new(:identity_url => identity_url)
  end
  
  def self.openid_required_fields
    ["http://axschema.org/contact/email", "http://axschema.org/namePerson/first", "http://axschema.org/namePerson/last"]
  end
      
  def openid_fields=(fields)
    fields.each do |key, value|
      case key.to_s
      when "http://axschema.org/contact/email"
        self.email = value.to_s
      when "http://axschema.org/namePerson/first"
        self.first_name = value.to_s
      when "http://axschema.org/namePerson/last"
        self.last_name = value.to_s
      end
    end
    self.save!
  end

You should be good to go.

Unexpected Errors?

You may get an error about security certificates that will prevent this from working. The solution is to copy the ca-bundle.crt file included in the ruby-openid-apps-discovery gem. Place that file in your 'config/certs' folder and then copy the following lines:

  OpenID.fetcher.ca_file = "#{Rails.root}/config/certs/ca-bundle.crt"
  OpenID::SimpleSign.store.add_file "#{Rails.root}/config/certs/ca-bundle.crt"

Into the sessions controller that you have to customize from Devise. This seemed to work on Heroku when compared to me just loading 'OpenID.fetcher.ca_file = "#{Rails.root}/config/certs/ca-bundle.crt"' in my application.rb.

Credits and Further Help

Some blog posts that helped me out, not all of them are specific to Devise and Google Federated Login but they may help.

Add a custom footer
Add a custom sidebar
Clone this wiki locally