OAuth Strategy generator for Warden Authentication Framework
Switch branches/tags
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Failed to load latest commit information.
.document Initial commit to warden_oauth. Aug 30, 2009
CHANGELOG Changing date of the CHANGELOG entry Feb 1, 2010
warden_oauth.gemspec Updating warden_oauth to version 0.1.1 Feb 1, 2010



warden_oauth enhances the Warden authentication framework, offering a simple interface for creating oauth strategies.

Getting Started

To get started you just have to require the warden_oauth libraries, and setup the oauth services you would like to have on the Warden::Manager middleware declaration:

Warden::Manager do |config|
  config.failure_app = FailureApp
  config.oauth(:twitter) do |twitter|
    twitter.consumer_secret = <YOUR CONSUMER SECRET>
    twitter.consumer_key  = <YOUR CONSUMER KEY>
    twitter.options :site => 'http://twitter.com'
  config.default_strategies(:twitter_oauth, :password, :other)

Giving an Access Token fetcher

Users get identified on a system via an access_token and an access_secret, when a valid access_token is recevied, warden_oauth calls a fetcher declared on Warden::OAuth.access_token_user_finder(:<strategy_key>).

Warden::OAuth.access_token_user_finder(:twitter) do |access_token|
  User.find_by_access_token_and_access_secret(access_token.token, access_token.secret)

If a user is returned, then this is the user that is going to be authenticated in the session, otherwise the FailureApp will be called, you may check the env['warden.options'][:oauth][:access_token] to check the original access_token and <bold>create a new user</bold> from there if desired.

Strategy Class info

When you declare an oauth strategy on the Warden::Config initialization, (e.g. config.oauth(:service_name)) a Warden::OAuth::Strategy::ServiceName will be declared, at the same time this class will be registered as :service_name_oauth on the Warden::Strategies.

So when we have a declaration like the one we have in the Getting Started section, we will have an Strategy class called Warden::OAuth::Strategy::Twitter, and this will be registered as :twitter_oauth on the Warden::Strategies.

Running the Strategy

In order to get the strategy running in the app, you have to specify a parameter called warden_oauth_provider with the name of the oauth service you want to use. So for example, if you would like to boot the twitter oauth example given on the “Getting Started” section you just have to specify the parameter on a protected url.

In Rails:

link_to 'Twitter Authentication', url_for(login_path(:warden_oauth_provider => 'twitter'))

There can be 3 different outcomes from this strategy:

  1. The OAuth credentials are invalid and the FailureApp is called.

  2. The OAuth credentials are valid, but there is no user associated to them. In this case the FailureApp is called, but the env[:oauth] will be available.

  3. The OAuth credentials are valid, and the user is authenticated successfuly.


In Rails, don't set the :warden_oauth_provider parameter as part of the login route, if you do this, rails will catch the parameter, but not the warden rack middleware, ergo, it won't work as expected.


If you want to know how to make a twitter authentication client, check examples/twitter/application.rb

Note on Patches/Pull Requests

For any error send an email to: romanandreg [at] gmail [dot] com


Copyright © 2009 Roman Gonzalez. See LICENSE for details.