omniauth

How to maintain state parameter in Identity Provider (IdP) initiated SAML sso?

为君一笑 submitted on 2019-12-05 20:10:56
I started with Service Provider based SSO for SAML. Since the user had to enter his email before proceeding with the login, a state variable was initiated and passed on to the SSO. It comes back through the callback URL and hence was checked again for sanity purposes. It protected against CSRF attacks. Now IdP initiated SSO doesn't allow me to set a state variable at all. Login starts at the Identity Provider and only an auth token is provided to the app. I do not know which user is authenticating from the beginning. If I remove the state variable check, it could trigger a CSRF attack as well. I am

OmniAuth dynamic callback url to authenticate particular objects instead of current_user

…衆ロ難τιáo~ submitted on 2019-12-05 19:02:04
Say I have the models User and Project. Users and projects are HABTM-associated. My setup is actually a bit more complicated than this, but I think for the purposes of my question this will do. Now, I want to use omniauth to authenticate a particular project with Twitter, Facebook, what have you. I've figured out how to define my omniauth path_prefix, but I don't know how I could pass in a variable like so: config.path_prefix = 'projects/:project_id/auth', much less make a custom callback url like project/:project_id/auth/twitter/callback. This will break in production. In development you can

Omniauth, Devise, Open ID, CanCan - What's what and when do I use which solution for a Rails API app

亡梦爱人 submitted on 2019-12-05 18:31:05
So I'm developing a Rails app which primarily serves an API that I want to lock down behind a nice authorization system. I've created Rails apps which render HTML and for that I used Devise and CanCan. This time I want to serve JSON to my clients. I basically have the following requirements:
- Need an authorization system that's robust
- A user should be able to log in with existing apps such as facebook, twitter, linked in and google
- There should be full stack authorization available
Now this is my 1st app that I'm writing that serves up an API so I started researching and so far I've found the following

How to rescue from a OAuth::Unauthorized exception in a Ruby on Rails application?

感情迁移 submitted on 2019-12-05 18:30:19
How can I rescue from an OAuth::Unauthorized exception as raised from OmniAuth in a Ruby on Rails application? Obviously this: rescue_from OAuth::Unauthorized, :with => :unauthorized won't work as that only catches exceptions thrown inside Rails and this exception is thrown somewhere else in the rack chain. In this application the administrators (and not us, the developers) configure the credentials for twitter and facebook, so having the wrong ones is something that can happen and indeed does happen. I'd like to show a better message than "Something went wrong" when that happens. Update: I

ArgumentError in Devise::RegistrationsController#new wrong number of arguments (2 for 0..1)

橙三吉。 submitted on 2019-12-05 10:41:44
I'm following Ryan Bates' RailsCast on devise and omniauth (episode 235-devise-and-omniauth-revised). I keep getting the error in the title when I try to log in with twitter.

    def self.new_with_session(params, session)
      if session["devise.user_attributes"]
        new(session["devise.user_attributes"], without_protection: true) do |user|
          user.attributes = params
          user.valid?
        end

Full trace:

    C:/Ruby200-x64/lib/ruby/gems/2.0.0/bundler/gems/mongoid-fe7f43430580/lib/mongoid/document.rb:106:in `initialize'
    devise (3.0.0.rc) lib/devise/models/confirmable.rb:46:in `initialize'
    app/models/user/user.rb:58:in `new'

undefined method `session_path'

一世执手 submitted on 2019-12-05 09:48:06
Question: I am using Rails + Devise + OmniAuth + Google OAuth2. My user model (user.rb) contains:

    devise :registerable, :omniauthable, :omniauth_providers => [:google_oauth2]

My routes.rb looks like:

    Rails.application.routes.draw do
      devise_for :users, controllers: { omniauth_callbacks: 'omniauth_callbacks' }
      devise_scope :user do
        get 'sign_in', :to => 'devise/sessions#new', :as => :new_user_session
        post 'sign_in', :to => 'devise/session#create', :as => :user_session
        get 'sign_out', :to => 'devise

OpenID for rails app behind Apache

六眼飞鱼酱① submitted on 2019-12-05 07:48:33
Question: I'm trying to integrate simple OpenID authentication through Google accounts. I'm using the omniauth gem and on my local development system (Win7, ruby 1.8.7-p302, rails 2.3.8, omniauth 0.1.5) everything works nice. The problem shows its face when I deploy it to my hosting (HostGator). The app (mongrel) starts at port 12002 and through HostGator's cPanel it's configured to be rewritten from one of the subdomains:

    RewriteCond %{HTTP_HOST} ^subdomain.mycompany.com$ [OR]
    RewriteCond %{HTTP_HOST} ^www

How to override gem dependency?

笑着哭i submitted on 2019-12-05 07:16:04
I have 2 gems that depend on conflicting versions of hashie (one requires ~> 1.2.0 and the other requires 3.3.1):

    Bundler could not find compatible versions for gem "hashie":
      In Gemfile:
        restforce (>= 0) ruby depends on
          hashie (~> 1.2.0) ruby

        omniauth (>= 0) ruby depends on
          hashie (3.3.1) ruby

I'd like to keep both gems and use the higher version of hashie. Is there a way for me to override one of the gem dependencies?

The standard advice is to use the higher version compatible. I do this way, but I think bundler has a defined command for it. First remove the line of gem 'omniauth' at your Gemfile.

Find loaded providers for OmniAuth

拈花ヽ惹草 submitted on 2019-12-05 06:36:42
I'd like to know which providers have been loaded for use by the OmniAuth gem. I've tried this:

    OmniAuth::Strategies.constants # a method provided by the standard lib Module class
    # => [:Developer, :OAuth, :Twitter]

and this:

    OmniAuth.strategies.inspect # a method provided by the OmniAuth class, but which has no documentation or comments around it.
    # => [OmniAuth::Strategies::OAuth]

The answer I'd expect (or want) is [:Developer, :Twitter] as in my test code I've only loaded twitter explicitly, and the developer provided is loaded by default. (This is all so a different library can load the

How to authorize the google-api-ruby-client?

我们两清 submitted on 2019-12-05 05:38:01
I'm working to get the google-api-ruby-client gem working following the basic usage example here:

Basic usage

    require 'google/apis/drive_v2'

    Drive = Google::Apis::DriveV2 # Alias the module
    drive = Drive::DriveService.new
    drive.authorization = ... # See Googleauth or Signet libraries

    # Search for files in Drive (first page only)
    files = drive.list_files(q: "title contains 'finances'")
    files.items.each do |file|
      puts file.title
    end

Where I'm stuck is drive.authorization. I have an authorized token already for the user via the gem omniauth-google-oauth2. How do I use that token with google-api