Authlogic OAuth is an extension of the Authlogic library to add OAuth support. One use case for authentication with OAuth is allowing users to log in with their Twitter credentials.
* Authlogic: github.com/binarylogic/authlogic * OAuth Example Project: github.com/jrallison/authlogic_example/tree/with-oauth * Live example with Twitter: authlogic-oauth.heroku.com
-
Authlogic: github.com/binarylogic/authlogic
-
Authlogic Example: github.com/binarylogic/authlogic_example
$ sudo gem install oauth $ sudo gem install authlogic-oauth
Now add the gem dependencies in your config:
config.gem "oauth" config.gem "authlogic-oauth", :lib => "authlogic_oauth"
Or for older version of rails, install it as a plugin:
$ script/plugin install git://github.com/jrallison/authlogic_oauth.git
class AddUsersOauthFields < ActiveRecord::Migration def self.up add_column :users, :oauth_token, :string add_column :users, :oauth_secret, :string add_index :users, :oauth_token change_column :users, :login, :string, :default => nil, :null => true change_column :users, :crypted_password, :string, :default => nil, :null => true change_column :users, :password_salt, :string, :default => nil, :null => true end def self.down remove_column :users, :oauth_token remove_column :users, :oauth_secret [:login, :crypted_password, :password_salt].each do |field| User.all(:conditions => "#{field} is NULL").each { |user| user.update_attribute(field, "") if user.send(field).nil? } change_column :users, field, :string, :default => "", :null => false end end end
You only need to save your objects this way if you want the user to authenticate with their OAuth provider.
That being said, you probably want to do this in your controllers. You should do this for BOTH your User objects and UserSession objects (assuming you are authenticating users). It should look something like this:
@user_session.save do |result| if result flash[:notice] = "Login successful!" redirect_back_or_default account_url else render :action => :new end end
You should save your @user objects this way as well, because you also want the user to authenticate with OAuth.
Notice we are saving with a block. Why? Because we need to redirect the user to their OAuth provider so that they can authenticate. When we do this, we don’t want to execute that block of code, because if we do, we will get a DoubleRender error. This lets us skip that entire block and send the user along their way without any problems.
The oauth_consumer should return an OAuth::Consumer which is configured for your OAuth provider. Here’s an example for Twitter:
class UserSession < Authlogic::Session::Base def self.oauth_consumer OAuth::Consumer.new("TOKEN", "SECRET", { :site=>"http://twitter.com", :authorize_url => "http://twitter.com/oauth/authenticate" }) end end
<%= oauth_register_button :value => "Register with Twitter" %> <%= oauth_login_button :value => "Login with Twitter" %>
That’s it! The rest is taken care of for you.
-
Safe OAuth error handling.
-
Remove oauth request from the Rails request cycle.