Overview
See the README for how to get up and running.
- Controller calls `save`
- `save` checks to see what type of authentication we're going to use
  - methods called: `authenticating_with_x?` sees if its service is in use; it is called twice, once before and once after the redirect
    - it does this by checking whether the session and the parameters have certain variables defined
- `save` calls `save_with_x`, which either:
  - performs the initial redirect, or
  - on response from the service, retrieves attributes and saves the user
- If first round (hasn't yet redirected):
  - Saves important data into the session
  - Specifies the callback URL based on controller name and action
  - Redirects to the remote service
  - User clicks "accept!"
  - Service redirects back to the callback URL
- If second round (redirect to callback URL):
  - Still processing the service (`authenticating_with_oauth?`, for example)
  - Instantiates a new User, Session, or Token, or all 3 if they are brand new
  - Validates User and Session
    - You don't want to validate any password/email if you're using these services, so they are all skipped
    - Need to validate keys
  - Saves the user
- Finish block, render page
When you make a request to one of these services, it responds with a GET request (the redirect back to the callback URL). But assuming we have made the request through a `create` method (`UsersController#create` for `/register`, `UserSessionsController#create` for `/login`), we want that GET to be a POST.

This is accomplished by adding a property called `auth_callback_method` to the session when the original request is made. It says "POST", or whatever the translation is from the controller method that was called. Then a Rack middleware filter converts the GET return request from the authentication service into a POST. This forces it to run back through the `create` method. Check out `AuthlogicConnect::CallbackFilter` for details, or search "Rack Middleware".
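The mechanism described above, as an added illustration written for this page rather than AuthlogicConnect's own `CallbackFilter`: a Rack middleware that rewrites the provider's GET callback into the method stored under `auth_callback_method`. The `ALLOWED_METHODS` whitelist, the `callback?` heuristic on the query string, and the one-shot deletion of the session key are assumptions of this example, not behaviour the page documents.

```ruby
require 'uri'

# Illustrative Rack middleware (not the project's own code). It rewrites the
# provider's GET callback into the HTTP method recorded in the session when the
# original /register or /login request was made, so Rails routes the callback
# back through the same #create action.
class CallbackMethodFilter
  # Assumption: only a GET -> POST/PUT rewrite is meaningful; anything else is ignored.
  ALLOWED_METHODS = %w[POST PUT].freeze

  def initialize(app)
    @app = app
  end

  def call(env)
    session = env['rack.session'] || {}
    wanted  = session['auth_callback_method']

    if env['REQUEST_METHOD'] == 'GET' && ALLOWED_METHODS.include?(wanted) && callback?(env)
      env['REQUEST_METHOD'] = wanted
      # One-shot: a stale value must not silently turn some later GET into a POST.
      session.delete('auth_callback_method')
    end

    @app.call(env)
  end

  private

  # Assumption: the provider's redirect carries an OAuth token or an OpenID
  # response parameter; any other GET is left untouched.
  def callback?(env)
    params = URI.decode_www_form(env['QUERY_STRING'].to_s).to_h
    params.key?('oauth_token') || params.key?('openid.mode')
  end
end

# Constructed downstream app that just reports the method it was called with.
REPORTER = lambda { |env| [200, {}, [env['REQUEST_METHOD']]] }

# Builds a minimal Rack env for a callback GET and returns [status, method seen, session].
def run_callback(session, query)
  env = { 'REQUEST_METHOD' => 'GET', 'QUERY_STRING' => query, 'rack.session' => session }
  status, _headers, body = CallbackMethodFilter.new(REPORTER).call(env)
  [status, body.first, session]
end
```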
- Rails 3 Initialization Process
- Rails 3 Plugins – Part 1, Big Picture
- Rails 3 Plugins – Part 2, Writing an Engine
- Rails 3 Plugins – Part 3, Initializers
- Using Gemspecs as Intended
For an OAuth request, the params and the session should look like this:

Params from form:

```ruby
{"authentication_type"=>"user", "submit"=>"Register", "openid_identifier"=>"", "oauth_provider"=>"twitter"}
```

Session just before redirect:

```ruby
{"authentication_type"=>"user", "oauth_request_token"=>"token_key", "session_id"=>"session_hash", "auth_callback_method"=>"POST", "auth_attributes"=>{"login_count"=>0}, "oauth_request_token_secret"=>"token_secret", "auth_request_class"=>"User", "auth_method"=>"oauth", "oauth_provider"=>"twitter"}
```
The regular OAuth process is a four-step sequence:
- ask for a “request” token.
- ask for the token to be authorized, which triggers user approval.
- exchange the authorized request token for an “access” token.
- use the access token to interact with the user’s Google service data.
If they log out and log back in with OpenID, we can find their token solely from the data they pass in (`openid_identifier`). This is unlike OAuth, where we have to run through the whole process again because we don't know anything about them.