0.03
No commit activity in last 3 years
No release in over 3 years
warden_oauth will help you create oauth authentication strategies using the oauth helper method on the Warden::Manager config setup
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
 Dependencies

Development

Runtime

>= 0
>= 0.8.1
 Project Readme

warden_oauth¶ ↑

warden_oauth enhances the Warden authentication framework, offering a simple interface for creating oauth strategies.

Getting Started¶ ↑

To get started you just have to require the warden_oauth libraries, and setup the oauth services you would like to have on the Warden::Manager middleware declaration:

Warden::Manager do |config|
  config.failure_app = FailureApp
  config.oauth(:twitter) do |twitter|
    twitter.consumer_secret = <YOUR CONSUMER SECRET>
    twitter.consumer_key  = <YOUR CONSUMER KEY>
    twitter.options :site => 'http://twitter.com'
  end
  config.default_strategies(:twitter_oauth, :password, :other)
end

Giving an Access Token fetcher¶ ↑

Users get identified on a system via an access_token and an access_secret, when a valid access_token is recevied, warden_oauth calls a fetcher declared on Warden::OAuth.access_token_user_finder(:<strategy_key>).

Warden::OAuth.access_token_user_finder(:twitter) do |access_token|
  User.find_by_access_token_and_access_secret(access_token.token, access_token.secret)
end

If a user is returned, then this is the user that is going to be authenticated in the session, otherwise the FailureApp will be called, you may check the env['warden.options'][:oauth][:access_token] to check the original access_token and <bold>create a new user</bold> from there if desired.

Strategy Class info¶ ↑

When you declare an oauth strategy on the Warden::Config initialization, (e.g. config.oauth(:service_name)) a Warden::OAuth::Strategy::ServiceName will be declared, at the same time this class will be registered as :service_name_oauth on the Warden::Strategies.

So when we have a declaration like the one we have in the Getting Started section, we will have an Strategy class called Warden::OAuth::Strategy::Twitter, and this will be registered as :twitter_oauth on the Warden::Strategies.

Running the Strategy¶ ↑

In order to get the strategy running in the app, you have to specify a parameter called warden_oauth_provider with the name of the oauth service you want to use. So for example, if you would like to boot the twitter oauth example given on the “Getting Started” section you just have to specify the parameter on a protected url.

In Rails:

link_to 'Twitter Authentication', url_for(login_path(:warden_oauth_provider => 'twitter'))

There can be 3 different outcomes from this strategy:

  1. The OAuth credentials are invalid and the FailureApp is called.

  2. The OAuth credentials are valid, but there is no user associated to them. In this case the FailureApp is called, but the env[:oauth] will be available.

  3. The OAuth credentials are valid, and the user is authenticated successfuly.

Note:

In Rails, don’t set the :warden_oauth_provider parameter as part of the login route, if you do this, rails will catch the parameter, but not the warden rack middleware, ergo, it won’t work as expected.

Examples¶ ↑

If you want to know how to make a twitter authentication client, check examples/twitter/application.rb

Note on Patches/Pull Requests¶ ↑

For any error send an email to: romanandreg [at] gmail [dot] com

Copyright © 2009 Roman Gonzalez. See LICENSE for details.