lancejpollard / authlogic-connect
Instant Oauth and OpenID support for your Rails and Sinatra Apps
License: MIT License
AFAI understand, the token/secret pair should get updated every login. There are many reasons why, e.g. token can expire ... Unfortunately now it doesn't get updated, so if you have an expired token in the DB, it never gets updated and you can't use the api...
Should have option to set whether or not to use popups (similar to how RPXNow works) for authentication. The people who created RPXNow made the ruby-openid gem, so they set the standards :).
In Edge Rails (rails-3.0.0-beta4), load_paths has been renamed to autoload_paths, resulting in this error:
/Users/peter/.rvm/gems/ruby-1.9.2-preview3@rails3edge/gems/authlogic-connect-0.0.5.1/lib/authlogic-connect.rb:26:in `block in <top (required)>': undefined method `load_paths' for ActiveSupport::Dependencies:Module (NoMethodError)
Because I'm storing a few variables in the session, the following situation will break:
I need a way to better manage/reset the session variables, coming soon.
User should be able to create a new account by logging in. This would go through the user_sessions_controller, run through the authentication protocol, and create a new user if there isn't one. This should be the default.
I upgraded oauth2 to version 0.2.0
and authorize of facebook, twitter did fail.
I'm trying to get a copy of an app that works fine in OSX up and running on Ubuntu, but it looks like AuthlogicConnect isn't loading properly. When it hits the line:
AuthlogicConnect.config = YAML.load_file("config/acc.yml")
it throws an error: uninitialized constant AuthlogicConnect (NameError)
Bundle install says that everything is installed fine, and the config is identical to two other machines which have no issues.
ruby --version
ruby 1.9.2dev (2010-07-11 revision 28618) [i686-linux]
rails --version
Rails 3.0.0.beta4
I'm not sure where to troubleshoot this....
I am using rails 2.3.5
1 - In the sample there is an oauth_consume method implemented. Is that necessary? How should it be done if there are multiple oauth_consumers?
2 - The sample app only works with twitter, is that correct?
Thanks for the great gem, I am looking forward to using it!
After installing the rails 3 example project, trying to run it generated a 500 error pointing back to authlogic-connect:
NoMethodError (undefined method `symbolize_keys!' for #):
/Users/blah/.bundle/ruby/1.9.1/gems/authlogic-connect-0.0.4.05/lib/authlogic_connect/common/variables.rb:16:in `auth_params'
I've tried both 4.05 and 4.06 -- same results. I'm not familiar enough with what is being done here to troubleshoot it effectively, but I do see notes in the rails 3 changelog that this method was removed as part of beta 3. Is there a simple fix?
Foursquare does rate-limiting based on the user-agent.
Right now, the main way to set the user-agent is to pass user-agent in to the options hash of the AccessToken's get and post methods. I kind of like the idea of adding user-agent as an option in the config files (as is done for scope, and for api_version in my fork). Any thoughts?
Sorry for the cross-post (I put this issue on the example project as well). Please let me know which project this is more appropriate in and I'll delete the other one.
I'm running rails 3.0.5 on ruby 1.9.2 and when I try to generate a model for the AccessToken I get the following error:
$ rails generate model AccessToken user_id:integer type:string key:string token:string
secret:string active:boolean
invoke active_record
The name 'AccessToken' is either already used in your application or reserved by Ruby on
Rails. Please choose an alternative and run this generator again.
I'll try hand coding the migration to add the table to the database but I'm concerned that AccessToken may be a rails reserved key word and I'll run into trouble down the line. Any help understanding what is going on here would be greatly appreciated.
Thanks!
The plugin has been helpful, thanks!
Two questions are:
Thanks!
I'm having trouble following the recent changes for api_versions. There's an api_version method in access_token.rb that returns config[:api], implying that the api_version should be specified amongst the settings in the token class. But in FoursquareToken, :api_versions and :api_version are defined, not :api.
It also doesn't look like that api_version is ever actually merged in when there's a request.
can't login with twitter and facebook when using authlogic 2.1.6, only works for odorcicd's fork
The twitter authorize_url should be set to:
https://api.twitter.com/oauth/authenticate
instead of:
http://api.twitter.com/oauth/authenticate
In the example app, the params for UserSessionsController#create are processed via
@user_session = UserSession.new(params[:user_session])
However, the form in the example has the params bare. When I change them to be scoped via user_session, things break.
I think that's because authlogic connect is not actually using the params passed to UserSession. It looks like it reads the params directly from the controller here:
AuthlogicConnect::Common::Variables#auth_params
Hey Lance,
I thought my reset_consumer fix would be sufficient for this . . . but it only works in the happy land of a single user/single access test environment. As soon as any user authorizes (in particular, with Foursquare), that network's OauthToken's consumer will be corrupted, so any future API calls will be directed to the wrong address. It works in the single user/access case simply because there aren't API calls being made concurrently to the auth process.
Any thoughts on the best way to fix this? Is there anything wrong with just building a new consumer every time instead of caching it? (or maybe, every time for auth . . . and only caching for API or something?)
-Andrew
If they press cancel while at the oauth provider, it will redirect back and we get an error. Needs to render some helpful screen.
Hi, this looks great, have yet to try it but wanted to know how this was similar/different from using omniauth? Thanks!
I can't seem to find native support for making post requests to the API. Am I just looking in the wrong place, or is this coming in the future? (I'll try to add it in in the meantime . . . )
Thanks!
Object#returning has been removed from ActiveSupport in version 3.0.0.rc of Rails. You are supposed to use Object#tap now, which is defined in all versions of Ruby supported by Rails 3 and defined in ActiveSupport in earlier versions of Rails so it is safe to always use tap instead of returning.
I'm using the plugin to connect to google Oauth.
It is working fine, user and token are created but once logged in, the active token is not set:
'active_token_id' in User and 'active' flag in AccessToken remain 'nil'.
It seems that the method 'complete_oauth_transaction' in authlogic_connect/oauth/user.rb is never called, the one in authlogic_connect/oauth/session.rb is called fine.
Any idea what is happening?
Getting invalid gemspec error when specifying authlogic-connect's git repo.
Works fine if I specify the gem.
Can anybody else reproduce this?
I get the following error when I use the facebook option in the sample app.
{
  "error": {
    "type": "OAuthException",
    "message": "Invalid redirect_uri: Given URL is not allowed by the Application configuration."
  }
}
Here is the url
Wouldn't it be good if the exception will be raised when trying to save User (< ActiveRecord::Base) with "authentication_type => :session" or UserSession (< Authlogic::Session::Base) with "authentication_type => :user" ?
Or maybe it should be mentioned in README... Otherwise it could be difficult to figure out why no redirect happened (well, at least for me it was).
Save is currently tied to a context that it shouldn't be, so if you save it in the terminal, it will throw an error. This is a quick fix.
The traditional model has it so the user has to use two pages: Register, and Login. However, that doesn't provide the best user experience when using Oauth and OpenID. It should be the same thing to the end user, similar to how StackOverflow, TwitPic, and RPXNow work.
We're seeing a problem case where a user initiates the OAuth flow and the session gets populated with auth_callback_method set to POST. Something keeps the full flow from completing (we're doing this on mobile phones, so that's not unlikely). So the user is back navigating the rest of our application with that parameter still stuck in the session.
As long as they try to hit URLs that do not work with POST, the Authlogic Connect code will continue to turn the requests into POSTs and result in 404s. It seems like the auth_callback_method handling should be restricted to particular URLs.
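An added illustration of the scoping suggested in this report (not authlogic-connect's code and not the reporter's): the stored method override is honoured only on the callback path, only while the flow is fresh, and is consumed on first use. `CALLBACK_PATH` (taken from the `/authenticate` redirect that appears elsewhere on this page), `STARTED_KEY`, `MAX_AGE` and the function names are assumptions.

```ruby
CALLBACK_PATH = "/authenticate"         # assumed return URL of the OAuth flow
SESSION_KEY   = "auth_callback_method"  # session key named in the report
STARTED_KEY   = "auth_callback_started" # hypothetical: epoch seconds when the flow began
MAX_AGE       = 600                     # hypothetical: seconds a flow may stay open
ALLOWED       = %w[GET POST PUT DELETE].freeze

# Behaviour described in the report: the stored method rewrites every request
# for as long as the key stays in the session.
def legacy_effective_method(request_method, _path, session)
  (session[SESSION_KEY] || request_method).to_s.upcase
end

# Scoped variant: the override applies only on the callback path, only while
# the flow is fresh, and is deleted as soon as it has been used.
def scoped_effective_method(request_method, path, session, now = Time.now.to_i)
  started = session[STARTED_KEY].to_i
  if started.zero? || now - started > MAX_AGE
    # Abandoned or unknown flow: drop the leftovers and change nothing.
    session.delete(SESSION_KEY)
    session.delete(STARTED_KEY)
    return request_method
  end
  return request_method unless path == CALLBACK_PATH

  override = session.delete(SESSION_KEY).to_s.upcase
  session.delete(STARTED_KEY)
  ALLOWED.include?(override) ? override : request_method
end

# Constructed sample: a session left behind by a flow that never completed.
def stuck_session(now)
  { SESSION_KEY => "POST", STARTED_KEY => now - 30 }
end
```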
Using facebook oauth.
The active_token_id field never gets populated in the User table. tokens and active_token always return nil. The key (for facebook) and active fields (both fb and twitter) in the access_tokens also never get filled.
@user.get_token(:facebook) works as expected.
Hi,
I have AbstractController::DoubleRenderError in UsersController#create when I'm trying to create user account via OpenID.
The code of create action:
def create
  @user = User.new(params[:user])
  @user.save do |result|
    if result
      flash[:notice] = "Account registered!"
      redirect_to root_url
    else
      redirect_to sign_up_url
    end
  end
end
Parameters for create action:
{"commit"=>"Register",
"authentication_type"=>"user",
"authenticity_token"=>"+X7c+p3LvOQ0Bt38wvu3kykY2UAkKyqaII0yiCPQ7ks=",
"utf8"=>"\342\234\223",
"openid_identifier"=>"username.myopenid.com"}
I'm using Rails 3 and REE.
When attempting to install via:
sudo gem install authlogic-connect
on Rails 2.3.8, one is presented with this message:
Building native extensions. This could take a while...
ERROR: Error installing authlogic-connect:
activemodel requires activesupport (= 3.0.0, runtime)
Thoughts?
I've not had a chance to have a proper look, but it would appear that OAuth authentication breaks with the latest security release of rails (3.0.4).
If I get the chance, I'll try and uncover why, but thought I'd post here now in case anyone else experiences this in the meantime.
If the user tries to create an account that they already have, throw error.
Making a request to verify_credentials gets a 401, Incorrect signature error. (as does making a post request from the token's client to, say, create a friendship).
this came up on a first-search-attempt: http://groups.google.com/group/twitter-development-talk/browse_thread/thread/a5e0bfd8e1cd4177 Might be relevant, but I haven't had the chance to really look at it.
I'll look into this in the morning.
Not all openid/oauth providers give you the email, which can be considered a globally unique user friendly identifier. So if we set "validate_email_field", authlogic-connect should bring up a "confirm email" screen that prompts them to type in their email. We need to temporarily create a user though, in the database, so we could use a state machine ("confirmed", "active", etc.), or just a simple boolean ("confirmed"). Probably identify by the persistence_token, is that acceptable (so in confirmation form, it would store persistence_token in a hidden field)?
Example:
If user has logged in through Twitter, and then logged out, they now have an account and an OauthToken for twitter. Now if they login through MySpace, and we have the confirmation email thing setup, when they enter their email, we should find the user by that email, and associate that account with them, not create a new user.
Hi, we found that you symbolize keys of session, which makes flash bad.
in:
lib/authlogic_connect/common/variables.rb:
23: def auth_session
24: return nil unless auth_controller?
25: auth_controller.session.symbolize_keys!
Also after reviewing this method, I do not see where you use symbols, you use strings for compare:
27: if key.to_s =~ /^OpenID/
My solution is to remove line 25.
My rails version is 2.3.10, where FlashNow use session["flash"].
With regards,
Paul
Is there a way to access the AccessToken returned from the OAuth provider before/after a save/update_attributes fails due to the AccessToken already belonging to a different user?
I'd really like to be able to query the API using the new AccessToken so that I can, e.g., pull the user name of the AccessToken to present in the error message, so that instead of saying:
"Sorry, that Twitter account is already linked", I could say "Sorry, the Twitter account [username] is already linked."
hi there, great gem, thanks for all the work!
seems the migrations included and the rails 2 example appear to be out of sync with the code.
in terms of migrations:
the code expects "access_tokens" table, not "tokens" which is currently in the included migrations
the code expects "token" field in the "access_tokens" table, which is currently missing from the included migration.
cheers
After going through a "register" action on my site, with Google OAuth, it creates the user and logs in all correctly. But, signing out, and trying to simply "login" again fails - it cannot find a token, then tries to deref a nil object.
The nil deref is easy enough to avoid (lib/authlogic_connect/oauth/session.rb line 61):
token = oauth_token.find_by_key(key, :include => [:user]) # some weird error if I leave out the include
self.attempted_record = token.user
But the thing that worries me is the token not being found - testing with Facebook and Twitter does not exhibit this behavior. I'd really like to get Google OAuth working as my users will likely be using that service the most. Any clues?
Hi Lance,
What's the best way to support dynamically setting the scope (in particular, for Facebook)? Right now it's handled by the settings config, correct?
Thanks,
Andrew
I'm not sure what a Facebook stream publish would look like. Something along the lines of:
def facebook
  if token = authenticated_with?(:facebook)
    @facebook ||= JSON.parse(token.post("/me/feed", {:message => "test"}))
    puts "FACEBOOK LOG: "[email protected]
  end
end
...but this just returns a 500 error from Facebook. Am I close?
(side note: the permissions requested might be better off someplace besides inside the gem)
My app requires the email field to be mandatory. I notice that in some other authlogic add_ons (like authlogic_rpx), it is possible to save to session record optimistically, and then later prompt the user to enter the required field. Is it possible to do that with authlogic-connect?
Thanks
The example app for both rails 3 and 2.3.* are not working for me.
When I do click on facebook, the url generated is something like "https://graph.facebook.com/oauth/authorize?scope=email,%20offline_access&client_id=&type=web_server&redirect_uri=http://192.168.0.121:3000/authenticate"
where the client_id is null. There is no provision to specify it.
Whereas the live example on heroku is working fine.
What is the problem, am I doing something wrong??
Also, if I do add the client_id in the url, it authenticates the user, but again throws some exception while requesting the access token, as client_id is missing there too..
Thanks
Handle case where, if user is logged in through say twitter, and they try to create an account with twitter again.
http://groups.google.com/group/foursquare-api/browse_thread/thread/e85c855e79750db7
"/oauth/authenticate endpoint serves the same function as /oauth/authorize, but it will auto redirect the user if they've already authorized your app"
Current endpoint required user to allow the app every time. This is more streamlined.
Handle case where user tries to login to an account they haven't registered for.