Frequently Asked Questions

twe4ked edited this page May 13, 2012 · 6 revisions

General

Can I Use OmniAuth Instead of [Devise, AuthLogic, Clearance, etc.]?

Yes! OmniAuth is built to handle any kind of authentication you might want to do in an application and it can be used in place of other solutions. Note that OmniAuth's philosophy is that of doing as little as possible and staying out of developers' way, so OmniAuth does not provide many of the conveniences of other authentication solutions like automatic model creation, pre-built controllers, etc. The advantage of using OmniAuth as your application's primary solution is that you will completely understand every part of the authentication code that is important to your application.

Can I Use OmniAuth With [Devise, AuthLogic, Clearance, etc.]?

Probably! OmniAuth is a simple, flexible system and would likely be able to integrate with any but the most inflexible of existing authentication solutions. In fact, OmniAuth is built in to Devise, and they have documentation for using OmniAuth and Devise together.

Does OmniAuth Have a Strategy for [insert provider here]?

The List of Strategies page contains a community-curated list of OmniAuth strategies. While not necessarily 100% comprehensive, it's a good place to start. If you don't find it on there, maybe you could implement it yourself! Take a look at the Strategy Contribution Guide for a quick start on implementing your own provider.

Does OmniAuth Allow for Username/Password Login?

Yes! Since OmniAuth is just a collection of strategies, it is fully possible to implement a username/password system on top of OmniAuth. OmniAuth Identity is one such implementation.

Troubleshooting

My Rails session has been wiped out in my authentication callback! What do I do?  

You need to disable cross-site request forgery (CSRF) protection for your callback action, since it may receive a POST from an external server's website. To do this, add the following at the top of your controller; the :except option limits the exemption to the callback action:

class SessionsController < ApplicationController
  protect_from_forgery :except => [:callback]

  def callback
    # your callback here
  end
end

I'm getting an OpenSSL::SSL::SSLError when I try to authenticate. What do I do?

You may need to specify a path to an SSL certificate authority. Check the documentation for the strategy that you're using. A common example for an OAuth2 strategy would be something like this:

Rails.application.config.middleware.use OmniAuth::Strategies::Facebook, 'APP_ID', 'APP_SECRET', 
  {:client_options => {:ssl => {:ca_path => "/etc/ssl/certs"}}}

You can see some extensive discussion about these errors in issues #404 and #260.

How to fix OAuth::Unauthorized error for Twitter provider?

First and foremost, check your system clock, especially if you're finding this issue in a virtualized environment. Try:

$ date

If the system date is wrong, either set it manually or install NTP.

Also, you may need to set the Callback URL in your Twitter settings. An example configuration for a development environment looks like this:

http://127.0.0.1:3000/auth/twitter/callback

Rails session is clobbered after callback on OpenID providers

OpenID callbacks are sent using a POST request, so remember to disable forgery protection for the given action; otherwise the session will be clobbered by Rails.

Problems with CA certificates during OpenID request (Google, Yahoo)

If you see a warning like this one: WARNING: making https request to https://www.google.com/accounts/o8/id?id=someid without verifying server certificate; no CA path was specified

You can fix it by adding this code to your OmniAuth configuration:

require "openid/fetchers"
OpenID.fetcher.ca_file = "/etc/ssl/certs/ca-certificates.crt"

Change the certificate path if you need to.
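What the CA file or path in the OpenSSL::SSL::SSLError answer and in the OpenID warning above actually changes, as an added Ruby example (not code from the OmniAuth wiki or project): a certificate store only accepts a server certificate if it can chain it to a CA it has been given. The CA, the certificates, the host name provider.example and the helpers make_cert, verifies? and ca_file_demo are constructed for illustration.

```ruby
require "openssl"
require "tempfile"

# Build a certificate; self-signed unless an issuer is given. Constructed test data.
def make_cert(subject, key, issuer: nil, issuer_key: nil, ca: false)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2 # X.509 v3
  cert.serial = rand(1..2**32)
  cert.subject = OpenSSL::X509::Name.parse(subject)
  cert.issuer = issuer ? issuer.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ext = OpenSSL::X509::ExtensionFactory.new
  cert.add_extension(ext.create_extension("basicConstraints", ca ? "CA:TRUE" : "CA:FALSE", true))
  cert.sign(issuer_key || key, OpenSSL::Digest.new("SHA256"))
  cert
end

# Verify a certificate against a store that trusts only the CAs in ca_file.
# A new store is empty, so with no ca_file nothing can be verified.
def verifies?(cert, ca_file: nil)
  store = OpenSSL::X509::Store.new
  store.add_file(ca_file) if ca_file
  store.verify(cert)
end

def ca_file_demo
  ca_key = OpenSSL::PKey::RSA.new(2048)
  ca = make_cert("/CN=Constructed Test CA", ca_key, ca: true)
  other_key = OpenSSL::PKey::RSA.new(2048)
  other_ca = make_cert("/CN=Constructed Untrusted CA", other_key, ca: true)
  srv_key = OpenSSL::PKey::RSA.new(2048)
  good = make_cert("/CN=provider.example", srv_key, issuer: ca, issuer_key: ca_key)
  bad = make_cert("/CN=provider.example", srv_key, issuer: other_ca, issuer_key: other_key)

  # Write the trusted CA to a PEM file, the same kind of file ca_file points at.
  Tempfile.create(["ca", ".pem"]) do |f|
    f.write(ca.to_pem)
    f.flush
    { without_ca: verifies?(good),                   # no CA configured
      with_ca: verifies?(good, ca_file: f.path),     # CA file supplied
      wrong_ca: verifies?(bad, ca_file: f.path) }    # issued by a CA not in the file
  end
end

p ca_file_demo if $PROGRAM_NAME == __FILE__
```

The wrong_ca case is the reason to point the client at a CA bundle rather than turn verification off: with the bundle in place, a certificate for the same host name from an unknown issuer is still rejected.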