
sso-devise-omniauth-provider's Introduction

Single Sign-On using Devise and Omniauth

We wanted to solve these problems:

  • A single User Manager application (which will authenticate ALL users with different roles)

  • Different internal applications which talk to User Manager for authentication

  • User should be able to login/sign-up via Social Networks like Twitter and Facebook.

  • Single Sign On between all applications.

The Custom Provider

This custom provider acts as an omniauth client (to connect to Twitter and Facebook) AND also acts as an omniauth provider (via auth_controller) that authenticates the internal applications. The internal applications never see the user's password or social credentials: they are sent to the provider's authorize action, come back with a short-lived code, and exchange that code, together with their own client id and secret, for an access token at the access_token action.
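What those two AuthController actions have to do can be sketched without Rails. The block below is an added example, not the repository's own auth_controller or models; the names SsoProvider, Store, Client and Grant, the 60-second code lifetime and the two-day token lifetime are assumptions. It issues a single-use authorization code bound to the client's registered redirect_uri, authenticates the client with a constant-time secret comparison instead of a lookup on the secret column, echoes the client's state parameter back on the redirect, and reports expires_in from the expiry it actually stored.

```ruby
require 'securerandom'
require 'digest'
require 'uri'

# Added example, not the project's code: a dependency-free sketch of the two
# provider endpoints that appear in the issue logs, authorize and access_token.
# SsoProvider, Store, Client, Grant and the TTLs are assumptions for illustration.
module SsoProvider
  CODE_TTL  = 60                # one-time code lifetime in seconds (assumption)
  TOKEN_TTL = 2 * 24 * 60 * 60  # two days, the stored grant expiry mentioned in the issues

  Client = Struct.new(:app_id, :app_secret, :redirect_uri)
  Grant  = Struct.new(:client, :user_id, :code, :code_expires_at, :used,
                      :access_token, :access_token_expires_at, :refresh_token)

  # Constant-time comparison: hash both sides to a fixed length, then OR the XOR
  # of every byte, so the result does not depend on where the first mismatch is.
  def self.secure_compare(a, b)
    return false unless a.is_a?(String) && b.is_a?(String)
    x = Digest::SHA256.digest(a).bytes
    y = Digest::SHA256.digest(b).bytes
    x.zip(y).reduce(0) { |acc, (p, q)| acc | (p ^ q) }.zero?
  end

  class Store
    def initialize(clients)
      @clients = clients.each_with_object({}) { |c, h| h[c.app_id] = c }
      @grants  = {} # code => Grant
    end

    # The class-level Client.authenticate lookup the first issue asks about:
    # find the record by app_id, then check app_secret in constant time, rather
    # than putting the secret into the WHERE clause.
    def authenticate_client(app_id, app_secret)
      client = @clients[app_id]
      client if client && SsoProvider.secure_compare(client.app_secret, app_secret.to_s)
    end

    # authorize?client_id&redirect_uri&response_type=code[&state], for an
    # already signed-in user. Returns [:redirect, url] or [:error, reason].
    # Nothing is ever redirected to a redirect_uri other than the registered one.
    def authorize(params, current_user_id, now = Time.now)
      client = @clients[params['client_id']]
      return [:error, 'unknown_client'] unless client
      return [:error, 'redirect_uri_mismatch'] unless params['redirect_uri'] == client.redirect_uri
      return [:error, 'unsupported_response_type'] unless params['response_type'] == 'code'

      code = SecureRandom.hex(16)
      @grants[code] = Grant.new(client, current_user_id, code, now + CODE_TTL, false)

      query = { 'code' => code }
      query['state'] = params['state'] if params['state'] # echoed back for the client's CSRF check
      [:redirect, "#{client.redirect_uri}?#{URI.encode_www_form(query)}"]
    end

    # access_token?client_id&client_secret&code&redirect_uri&grant_type=authorization_code
    # Returns the token response hash, or { 'error' => ... } on any failure.
    def access_token(params, now = Time.now)
      return { 'error' => 'unsupported_grant_type' } unless params['grant_type'] == 'authorization_code'

      client = authenticate_client(params['client_id'], params['client_secret'])
      return { 'error' => 'invalid_client' } unless client

      # An empty or unknown code (the bare code= in the first issue's log) fails
      # here with a definite error instead of bouncing back to authorize.
      grant = @grants[params['code'].to_s]
      return { 'error' => 'invalid_grant' } if grant.nil? || grant.used || now > grant.code_expires_at
      return { 'error' => 'invalid_grant' } unless grant.client.equal?(client) && params['redirect_uri'] == client.redirect_uri

      grant.used = true # single use: a replayed code is rejected
      grant.access_token = SecureRandom.hex(32)
      grant.refresh_token = SecureRandom.hex(32)
      grant.access_token_expires_at = now + TOKEN_TTL
      {
        'access_token'  => grant.access_token,
        'token_type'    => 'bearer',
        # Derived from the stored expiry, so expires_in and the database row
        # cannot disagree (the mismatch the "AccessToken expiry" issue reports).
        'expires_in'    => (grant.access_token_expires_at - now).to_i,
        'refresh_token' => grant.refresh_token
      }
    end
  end
end
```

The exact-match rule on redirect_uri is what keeps a stolen client_id from being used to send codes to an attacker-controlled callback; the single-use flag and the short code lifetime limit what a leaked code is worth. A real deployment would persist grants in the database, as the repository does, and should also serve access_token over POST and TLS only, since the client secret travels in that request.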

Usage

Clone this repository and run bundle install. NOTE: We are using devise master HEAD because it has the latest omniauth integration code.

git clone git://github.com/joshsoftware/sso-devise-omniauth-provider.git
bundle install
rake db:create
rake db:migrate

Create your Twitter App and Facebook App. Create an initializer file (e.g. config/initializers/omniauth.rb) with the following omniauth configuration. The two strings after each provider name are the app id and app secret; keep the real values out of the repository (read them from the environment or an ignored config file), because anyone holding the secret can impersonate your application to Twitter or Facebook:

Rails.application.config.middleware.use OmniAuth::Builder do
  provider :twitter, 'twitter-appid', 'twitter-app-secret'
  provider :facebook, 'facebook-appid', 'facebook-app-secret'
end

That's it! You're on your way:

rails server

In your browser, go for it:

http://localhost:3000

Contributions

Please feel free to enhance this demo. For any doubts, please send an email to [email protected]

I am eager to write some rspec for this setup. If you do, please send me a pull request!

License

This is released under the MIT license.

sso-devise-omniauth-provider's People

Contributors

abepetrillo, brockgr, gautamrege, herrbeesch, natebird, panupan, robzolkos


sso-devise-omniauth-provider's Issues

redirect loop ; too many redirects

I'm attempting my own setup, but perhaps I can get some help here.

I can run a provider and a client. When I go to client unauthenticated, I get sent to the provider. When I authenticate, I get stuck in some loop that the browser shuts down.

Here is the provider output:

Started GET "/auth/generic_id/authorize?client_id=YE0NYveQGoFsNLX220Dy5g&redirect_uri=http%3A%2F%2Flocalhost%3A3000%2Fauth%2Fgeneric_id%2Fcallback&scope=read&response_type=code" for 127.0.0.1 at 2011-07-12 13:38:20 -0400
  Processing by AuthController#authorize as HTML
  Parameters: {"client_id"=>"YE0NYveQGoFsNLX220Dy5g", "redirect_uri"=>"http://localhost:3000/auth/generic_id/callback", "scope"=>"read", "response_type"=>"code"}
  SQL (0.084ms)  SELECT "id", "email", "encrypted_password", "authentication_token", "remember_created_at", "reset_password_token", "reset_password_sent_at", "sign_in_count", "current_sign_in_at", "last_sign_in_at", "current_sign_in_ip", "last_sign_in_ip", "created_at", "updated_at", "admin", "first_name", "last_name", "status", "expiration_date" FROM "users" WHERE "id" IN (5) LIMIT 1
Redirected to http://localhost:3000/auth/generic_id/callback?code=&response_type=code
Completed 302 Found in 4ms


Started GET "/auth/generic_id/access_token?client_id=YE0NYveQGoFsNLX220Dy5g&client_secret=aqpGBedDnHFyp5MmgT8KErr9D015ScmaY8r3vHg5C0&redirect_uri=http%3A%2F%2Flocalhost%3A3000%2Fauth%2Fgeneric_id%2Fcallback&grant_type=authorization_code&code=" for 127.0.0.1 at 2011-07-12 13:38:20 -0400
  Processing by AuthController#access_token as 
  Parameters: {"client_id"=>"YE0NYveQGoFsNLX220Dy5g", "client_secret"=>"aqpGBedDnHFyp5MmgT8KErr9D015ScmaY8r3vHg5C0", "redirect_uri"=>"http://localhost:3000/auth/generic_id/callback", "grant_type"=>"authorization_code", "code"=>""}
Completed 500 Internal Server Error in 0ms

NoMethodError (undefined method `authenticate' for Client:Class):
  app/controllers/auth_controller.rb:16:in `access_token'

Rendered /home/t9/.rvm/gems/ruby-1.9.2-p180/gems/actionpack-3.0.9/lib/action_dispatch/middleware/templates/rescues/_trace.erb (0.8ms)
Rendered /home/t9/.rvm/gems/ruby-1.9.2-p180/gems/actionpack-3.0.9/lib/action_dispatch/middleware/templates/rescues/_request_and_response.erb (2.3ms)
Rendered /home/t9/.rvm/gems/ruby-1.9.2-p180/gems/actionpack-3.0.9/lib/action_dispatch/middleware/templates/rescues/diagnostics.erb within rescues/layout (73.9ms)

Basically what I get from this is what it says, no authenticate method for the Class Client

which would be this

# class-level lookup on Client: returns the first row matching both columns, or nil
def authenticate(app_id, app_secret)
  where(["app_id = ? AND app_secret = ?", app_id, app_secret]).first
end

Since I am working in DataMapper I think this doesn't exactly translate well and hence it gets stuck in the loop

the client just hangs there, showing:

Started GET "/auth/generic_id" for 127.0.0.1 at 2011-07-12 13:38:20 -0400

I don't have a lot of ActiveRecord knowledge, but perhaps I can get some illumination on what exactly that authentication does. I don't wholly understand right now, especially as to why it is a Class and not an instance. Any input appreciated.

AccessToken expiry...

In the AuthController, when a client is granted an access token (an AccessGrant instance) and start_expiry_period! is called, an expiry of two days is stored in the database. However the AuthController then goes on to send an expires_in of Devise.timeout_in to the client, which in my case seems to be 30 minutes.

Unless I'm mistaken (which is quite possible!), shouldn't the expires_in be read from the AccessGrant, or both of these read from Devise.timeout_in?

If you have a preference for which, I'll put in a pull request.

Regards,

Gavin

OAuth2::Error

It was not able to get/store the uid for the client. I am working on Rails 4.
(screenshot attached: 2015-07-25 14:21:55)

Account linking strategy

Hello Gautam,

Consider this for your account linking strategy; I believe there is still a TODO for this in your authentications_controller#create action.

Cheers,
Mike.

License?

I opened a similar issue on the client: does this gem have a license? If so, can it be made clear in the repository? If not, can one be added? We would like to use this in a project under development, and MIT, BSD, or Apache 2.0 are all compatible with our license.

invalid_credentials in production environment

I implemented a little project configured with localhost in development mode without any problem. But when I tried it in production mode on a private server (using, for example, http://somepage.com/admin as provider and http://somepage.com/app as client) it refused to work. It was the same code, I just changed the URL paths and the environment from development to production (I have Apache + Passenger, so it has to be done like that).

The only output that I got in the client app was:

Started GET "/auth/admin" for 201.214.176.162 at Wed Apr 25 18:00:42 -0400 2012


Started GET "/auth/admin/callback?code=c80833e3d0d985231d7836f4b06582da&response_type=code" for 201.214.176.162 at Wed Apr 25 18:00:43 -0400 2012


Started GET "/auth/failure?message=invalid_credentials&strategy=admin" for 201.214.176.162 at Wed Apr 25 18:00:43 -0400 2012
  Processing by UserSessionsController#failure as HTML
  Parameters: {"strategy"=>"admin", "message"=>"invalid_credentials"}

And in the provider:

Started GET "/admin/auth/admin/authorize?response_type=code&client_id=testing&redirect_uri=http://somepage.com/app/auth/admin/callback" for (obscured_IP) at Wed Apr 25 18:07:23 -0400 2012
  Processing by AuthController#authorize as HTML
  Parameters: {"response_type"=>"code", "client_id"=>"testing", "redirect_uri"=>"http://somepage.com/app/auth/admin/callback"}
  User Load (0.3ms)  SELECT `users`.* FROM `users` WHERE `users`.`id` = 1 LIMIT 1
  SQL (0.3ms)  DELETE FROM `access_grants` WHERE (created_at < '2012-04-22 22:07:23')
  Client Load (0.1ms)  SELECT `clients`.* FROM `clients` WHERE `clients`.`app_id` = 'testing' LIMIT 1
   (0.1ms)  BEGIN
  SQL (0.2ms)  INSERT INTO `access_grants` (`access_token`, `access_token_expires_at`, `client_id`, `code`, `created_at`, `refresh_token`, `updated_at`, `user_id`) VALUES ('e010594d4992edc3d8a6865c418f0dc2', NULL, 2, '22f08adc1a6b7308035eca5818904478', '2012-04-25 22:07:23', '3f6aef46957e7dcfb8ac6be57acb20e3', '2012-04-25 22:07:23', 1)
   (3.1ms)  COMMIT
Redirected to http://somepage.com/app/auth/admin/callback?code=22f08adc1a6b7308035eca5818904478&response_type=code
Completed 302 Found in 11ms

fully sign out

Do you maybe know how to sign out from the OAuth provider so I could sign in with another user? I tried resetting the session but it doesn't work. It keeps signing me in with the same username and password.
One way is to go to the provider app and sign out, but I don't like that and would rather let my users sign out of the client app.

:omniauthable

Looking over devise options I see an option for :omniauthable

Just starting to look over to see how this fits here, i.e. adding flow and finetuning.

Cannot sign in by default

After adding the omniauth-facebook gem, and setting up the app-id and secret key, you get an error similar to:

Email address cannot be blank
Password cannot be blank

I managed to fix the email problem by changing the following in the authentication_controller, create method on line 51 :

user = User.new
user.apply_omniauth(omniauth)
#user.email = omniauth['extra'] && omniauth['extra']['user_hash'] && omniauth['extra']['user_hash']['email']
user.email = omniauth['extra'].raw_info.email
if user.save

The problem then is with password, after looking at the user.rb file and the migration, it seems password is dealt with elsewhere, I'm guessing by devise, and in the schema.rb file we have:

t.string   "encrypted_password",   :limit => 128, :default => "",    :null => false

instead of password being required, shouldn't it be a conditional validation, where if we have an authentication token, we don't necessarily need a password to create the user?

Just wanted to check this before submitting a pull request

Error code 191 on facebook authentication

Not sure if I'm doing this correctly, but here are the steps I went through:

Added to gems:
omniauth-facebook
omniauth-twitter

Added my app ID/key to initializers/omniauth.rb

Changed my hosts file:
127.0.0.1 abe-rails-dev.com

On the facebook app:
App Domain: abe-rails-dev.com
App Site URL: http://abe-rails-dev.com:3000

For some reason I get the following error:

{
   "error": {
      "message": "Invalid redirect_uri: Given URL is not allowed by the Application configuration.",
      "type": "OAuthException",
      "code": 191
   }
}

I can't for the life of me figure out what I'm doing wrong?

invalid credentials when using omniauth v1.1.1

Omniauth v1.1.1 with omniauth-oauth2 gem creates problems.

http://blog.joshsoftware.com/2010/12/16/multiple-applications-with-devise-omniauth-and-single-sign-on/#comment-5559

Apparently omniauth v1.1.1 now has a "state" param that is used for CSRF checks. This breaks the code in SSO callback. A downgrade to v1.1.0 solves this but we need to fix this for the upgrade.

https://gist.github.com/1d9dcceebeb0e50046f4 shows the callback with the state param, and this link talks about the state param: omniauth/omniauth-oauth2#18
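The client side of that state check, as an added example in plain Ruby rather than omniauth-oauth2's own strategy code: the client mints a random state on the request phase, stores it in the session and sends it to the provider; on the callback it consumes the stored value and compares it with what came back. A provider that drops the parameter on its redirect, which is what the issue above describes, makes every callback fail the check. SsoClient, the session hash, the 'omniauth.state' key and the URLs are assumptions for illustration.

```ruby
require 'securerandom'
require 'digest'
require 'uri'

# Added example, not omniauth-oauth2's code: the request and callback halves of
# the OAuth2 state check. SsoClient and its URLs are assumptions for illustration.
class SsoClient
  STATE_KEY = 'omniauth.state'

  def initialize(client_id:, provider_authorize_url:, callback_url:)
    @client_id = client_id
    @provider_authorize_url = provider_authorize_url
    @callback_url = callback_url
  end

  # Request phase: mint an unguessable state, remember it in the session, and
  # send it to the provider, which must echo it unchanged on the redirect back.
  def request_phase(session)
    state = SecureRandom.hex(24)
    session[STATE_KEY] = state
    query = { 'response_type' => 'code', 'client_id' => @client_id,
              'redirect_uri' => @callback_url, 'state' => state }
    "#{@provider_authorize_url}?#{URI.encode_www_form(query)}"
  end

  # Callback phase: the stored state is consumed (deleted, not just read) so a
  # callback URL can be accepted at most once, and it must match what this
  # browser session started with. Returns [:ok, code] or [:fail, reason].
  def callback_phase(session, params)
    expected = session.delete(STATE_KEY)
    given    = params['state'].to_s
    return [:fail, :csrf_detected] if expected.nil? || given.empty? || !same?(expected, given)
    return [:fail, params['error']] if params['error']
    return [:fail, :missing_code]   if params['code'].to_s.empty?
    [:ok, params['code']]
  end

  private

  # Compare fixed-length digests rather than the raw strings, so the time taken
  # does not reveal how many leading bytes of the expected state were guessed.
  def same?(a, b)
    Digest::SHA256.digest(a) == Digest::SHA256.digest(b)
  end
end
```

The provider-side fix for the issue is the mirror image: the authorize action must copy the incoming state parameter onto its redirect to the callback URL, unchanged, and nothing else. Downgrading the gem to skip the check leaves the client open to login CSRF, where an attacker's callback URL is planted in a victim's browser to bind the victim's session to the attacker's account.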
