Using devise_openid_authenticatable with Heroku and Google Federated Login
Google Apps has been growing in popularity among small businesses. When it is already the primary email and calendar solution, using Google's Federated Login for your app's authentication keeps user management low for you and lets users keep the same ID and password. Using it in conjunction with Devise also lets you add database authentication if certain users need it (or if you have to migrate later), and gives you Devise's extensions and helper methods.
Learn more about Google Federated Login
Make sure to follow the setup instructions for each gem carefully. The following steps build on those instructions and are intended for Rails 3.
- Require 'gapps_openid' in your application.rb
- Make your identity url "https://www.google.com/accounts/o8/site-xrds?hd=YOURDOMAIN.COM"
- Since creating a user has to wait on the request, you will have to change the way user creation is described in the devise_openid_authenticatable gem. The following methods create the user and also fill in their first and last name. You can read more about the attributes and parameters here:
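```ruby
# In your Devise model (User here).
# Build the user without saving; the attributes arrive later via openid_fields=.
def self.create_from_identity_url(identity_url)
  User.new(:identity_url => identity_url)
end

# AX attributes to request from the provider.
def self.openid_required_fields
  ["http://axschema.org/contact/email",
   "http://axschema.org/namePerson/first",
   "http://axschema.org/namePerson/last"]
end

# Copy the returned AX attributes onto the user, then save.
def openid_fields=(fields)
  fields.each do |key, value|
    # Some AX providers return several values per key; use the first.
    value = value.first if value.is_a?(Array)
    case key.to_s
    when "http://axschema.org/contact/email"
      self.email = value.to_s
    when "http://axschema.org/namePerson/first"
      self.first_name = value.to_s
    when "http://axschema.org/namePerson/last"
      self.last_name = value.to_s
    end
  end
  self.save!
end
```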
You should be good to go.
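A check you may want inside `openid_fields=`, shown as an added example that is not from the original page or from either gem: it takes the first value when an attribute arrives as an array and refuses an email address outside the Google Apps domain. `AxProfile`, `DomainMismatch`, `ALLOWED_DOMAIN`, `SAMPLE_FIELDS` and `accepted?` are hypothetical names, `example.com` stands in for YOURDOMAIN.COM, and the plain Ruby class stands in for the `User` model.

```ruby
# Added example: plain Ruby (no Rails); AxProfile stands in for the User model.
AX_EMAIL = "http://axschema.org/contact/email"
AX_FIRST = "http://axschema.org/namePerson/first"
AX_LAST  = "http://axschema.org/namePerson/last"

# Assumption: the Google Apps domain used in the hd= parameter of the identity URL.
ALLOWED_DOMAIN = "example.com"

# Constructed sample AX response (not real data).
SAMPLE_FIELDS = { AX_EMAIL => ["alice@EXAMPLE.com"], AX_FIRST => ["Alice"], AX_LAST => "Liddell" }

class DomainMismatch < StandardError; end
class AxProfile
  attr_reader :email, :first_name, :last_name

  # Same shape as User#openid_fields= above, minus persistence.
  def openid_fields=(fields)
    fields.each do |key, value|
      value = Array(value).first.to_s.strip   # AX values may arrive as arrays
      case key.to_s
      when AX_EMAIL then @email = checked_email(value)
      when AX_FIRST then @first_name = value
      when AX_LAST  then @last_name = value
      end
    end
    raise DomainMismatch, "no email attribute returned" if @email.nil?
  end

  private

  # Compare the whole domain part, case-insensitively; a suffix or substring
  # match would also accept "example.com.other.test" or "notexample.com".
  def checked_email(value)
    local, at, domain = value.rpartition("@")
    unless at == "@" && !local.empty? && domain.casecmp(ALLOWED_DOMAIN).zero?
      raise DomainMismatch, "email #{value.inspect} is outside #{ALLOWED_DOMAIN}"
    end
    "#{local}@#{domain.downcase}"
  end
end

# True when the fields pass the check, false when they are refused.
def accepted?(fields)
  profile = AxProfile.new
  profile.openid_fields = fields
  true
rescue DomainMismatch
  false
end
```

In the real model, run the same check before `self.save!` so a rejected response never creates a user record.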
You may get an error about security certificates that will prevent this from working. The solution is to copy the ca-bundle.crt file included in the ruby-openid-apps-discovery gem into your 'config/certs' folder and then add the following lines to the sessions controller that you have to customize from Devise:

```ruby
OpenID.fetcher.ca_file = "#{Rails.root}/config/certs/ca-bundle.crt"
OpenID::SimpleSign.store.add_file "#{Rails.root}/config/certs/ca-bundle.crt"
```

This seemed to work on Heroku when compared to me just loading 'OpenID.fetcher.ca_file = "#{Rails.root}/config/certs/ca-bundle.crt"' in my application.rb.
Some blog posts that helped me out; not all of them are specific to Devise and Google Federated Login, but they may help.
- Using Google Federated Login in your Rails Application - Jan 4, 2009
- Google Apps OpenID with Rails and Devise - Aug 9, 2010
- Todd Sedano - May 28, 2010
- Devise Group Question - Sep 29, 2010
- Google Federated Login API Question - Dec 8, 2009