
Add an omniauth recipe. #47

Merged
merged 3 commits into from

2 participants

@patriciomacadden

This makes the wishlist (#44) a little smaller.

Please feel free to correct me if I missed something (although I think I didn't).

@zzak
Owner

@patriciomacadden This is good, but I have a couple comments.

The complete example isn't necessary, just add a line below the authentication routes like "Give your app a default route that twitter will redirect back to once everything is all set." Or something like that.

Also, I don't think we should recommend people store their consumer keys and secrets in their actual app; instead, let's use ENV and show them how to start the app with the command-line.

Lastly, I think this recipe should be titled: "Twitter Authentication with Omniauth" and the first part should go something like this:

It provides several strategies (released as gems) that provides authentication for a lot of systems, such as Facebook, Google, GitHub, and many more.

Having twitter here is redundant, and I think all the links clutter up the introduction to this great guide.

@patriciomacadden patriciomacadden change the title and the introduction; show how to start the app with…
… environment variables; remove the complete example; add links at the bottom; etc.
11e4ebc
@patriciomacadden

Hey @zzak thanks for the review! I've added a new commit to the PR. I don't want to merge it until you give me your opinion.

Thanks again!

@zzak
Owner

@patriciomacadden Thanks, looks much better, only one comment

Remove the links section and in the intro use this:

.., such as Facebook, Google, GitHub, and many more

With that link to their wiki with a full list of strategies.

Then feel free to commit, and thanks again for the help!

@patriciomacadden

Much better. Merged.

@patriciomacadden patriciomacadden merged commit 89ae9a6 into sinatra:master
@patriciomacadden patriciomacadden deleted the patriciomacadden:omniauth branch
Commits on Mar 19, 2013
  1. @patriciomacadden
  2. @patriciomacadden

    change the title and the introduction; show how to start the app with…

    patriciomacadden authored
    … environment variables; remove the complete example; add links at the bottom; etc.
  3. @patriciomacadden
Showing with 87 additions and 0 deletions.
  1. +87 −0 middleware/twitter_authentication_with_omniauth.md
87 middleware/twitter_authentication_with_omniauth.md
@@ -0,0 +1,87 @@
+## Twitter authentication with OmniAuth
+
+[OmniAuth](https://github.com/intridea/omniauth) provides several strategies
+(released as gems) that provides authentication for a lot of systems, such as
+Facebook, Google, GitHub, and
+[many more](https://github.com/intridea/omniauth/wiki/List-of-Strategies).
+
+Each strategy is a Rack middleware, so it's very easy to integrate with
+Sinatra. This recipe will show you how to add user authentication to your
+Sinatra application using Twitter as your authentication provider.
+
+First, you have to create a new application at
+[Twitter Developers](https://dev.twitter.com/). It's very important to set
+the `Callback url` to `http://example.com/auth/twitter/callback`. This url is
+where twitter will redirect the client when the user is successfully
+authenticated. Once you created your application, you have to remember it's
+`Consumer key` and `Consumer secret`. You will need them when you configure
+Omniauth, like this:
+
+```ruby
+require 'sinatra'
+require 'omniauth-twitter'
+
+configure do
+ enable :sessions
+
+ use OmniAuth::Builder do
+ provider :twitter, ENV['CONSUMER_KEY'], ENV['CONSUMER_SECRET']
+ end
+end
+```
+
+Note that we used the CONSUMER_KEY and CONSUMER_SECRET environment variables.
+This is because it's bad to store this information on your code, so each time
+you run your app do it like this:
+
+```bash
+$ CONSUMER_KEY=<your consumer key> CONSUMER_SECRET=<your consumer secret> ruby app.rb
+```
+
+If you are using rackup, the same rule applies.
+
+Then, you have to secure your application by redirecting non-authenticated
+users to twitter, so they can sign in:
+
+```ruby
+helpers do
+ # define a current_user method, so we can be sure if an user is authenticated
+ def current_user
+ !session[:uid].nil?
+ end
+end
+
+before do
+ # we do not want to redirect to twitter when the path info starts
+ # with /auth/
+ pass if request.path_info =~ /^\/auth\//
+
+ # /auth/twitter is captured by omniauth:
+ # when the path info matches /auth/twitter, omniauth will redirect to twitter
+ redirect to('/auth/twitter') unless current_user
+end
+```
+
+Lastly, you have create a new user session when the authentication was
+successful:
+
+```ruby
+get '/auth/twitter/callback' do
+ # probably you will need to create a user in the database too...
+ session[:uid] = env['omniauth.auth']['uid']
+ # this is the main endpoint to your application
+ redirect to('/')
+end
+
+get '/auth/failure' do
+ # omniauth redirects to /auth/failure when it encounters a problem
+ # so you can implement this as you please
+end
+
+get '/' do
+ 'Hello omniauth-twitter!'
+end
+```
+
+Needless to say that this approach is useful for other omniauth strategies.
+
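
Review bot: the `configure` block calls `enable :sessions` without setting a session secret, so Sinatra generates a random one at every start and the `session[:uid]` written in the callback will not survive a restart or be valid across several processes. Since the recipe already reads the consumer key from `ENV`, read the secret the same way, for example `set :session_secret, ENV['SESSION_SECRET']` (the variable name is only a suggestion). In the `before` filter, `/^\/auth\//` uses `^`, which in Ruby matches at the start of any line rather than the start of the string; `\A` is the right anchor for a pattern that exempts paths from the login redirect. In `get '/auth/twitter/callback'`, the `uid` is stored in whatever session already exists; calling `session.clear` before `session[:uid] = ...` keeps pre-login session state from carrying over into the authenticated session. Smaller points: `current_user` returns a boolean, so a name such as `authenticated?` would describe it better; the empty `get '/auth/failure'` block answers with a blank 200, and the recipe should at least return an error status or message there; the example callback URL uses `http://` where `https://` would be the better thing to show. Text nits: "it's `Consumer key`" should be "its", "you have create" should be "you have to create", "strategies ... that provides" should be "provide", and "Omniauth" / "omniauth" / "twitter" should match the "OmniAuth" / "Twitter" spelling used in the title and first paragraph.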