Rails 3 / Devise / Oauth2 / Mongoid

Steven Evatt, Chron.com

Blog: http://www.evatt.com/blog

Web: http://PriceChirp.com

Twitter: @sevatt

Houston-RoR Feb 2010

Installation Guide

2

Today We'll Cover:

Installing a new rails 3 project Devise Oauth2 Mongoid

Issues Tips Take Aways

3

Why???

I found multiple Devise / Oauth2 install guides, all dated in the past 6 months, all but one were deprecated

No guide existed to add Mongoid into the mix

Prerequisites

• Working Ruby / Rails 3 environment

• Mongodb installed

5

Starting the project

6

Add Required Gems to Gemfile

7

Bundler

8

Setup Mongoid

9

Installing Devise

10

Create a Facebook Application

http://www.facebook.com/developers/createapp.php

11

Facebook App Security

12

Facebook Application Data

13

Passenger Setup

/etc/apache2/site-enabled/007-dev-ror_fb_test

/etc/init.d/apache2 restart

14

Add :omniauthable to devise definition in model:

Apps/models/user.rb

15

Declare the provider in your config/initializers/devise.rb:

config.omniauth :facebook, "APP_ID", "APP_SECRET“

Optional… add

{:scope => ‘email,read_stream,read_facebook_docs_for_scope_names’}

16

Define find_for_facebook_oauth

In the user model (apps/model/user.rb)

17

Create a default view

Generate a default page rails generate controller pages index

Update config/routes.rb root :to => 'pages#index'

Move default rails index out of the way mv public/index.html public/index_org.html

18

Add login button Application Layout

App/views/layouts/applications.html.rb

19

Test Login Button

Strange error!

Caused by missing setting in facebook!

20

Test Login Button – Again

New error

We have not defined the callback for this action In config/routes.rb

21

Create Callback

Create the callback controller: "app/controllers/users/omniauth_callbacks_controller.rb" with a callback

named after the provider:

22

The Login Button Finally Works!

23

Sessions

Notice that Devise RegistrationsController by default calls "User.new_with_session" before building a resource. This means that, if we need to copy data from session whenever an user is initialized before sign up, we just need to implement new_with_session in our model. Here is an example that copies the facebook email if available:

Observations

• Oauth2 uses the email address as the key. Devise requires a password, so we insert a fake password in the database. By replacing the fake password with a real password, we can have both local and Oauth2 logins

• Omniauth support requires Devise 1.2, currently only provided from GIT repository, master branch

• Devise 1.2 only allows you to make one model :omniauthable

25

Take Aways Oauth2 uses the email field with a fake

password. By adding a password you can have both Oauth2 and local logins

It is easier than it first appears to get Rails 3 / Devise / Oauth2 / Mongo all working together

The gem ecosystem is rapidly changing, check to see if advise has been superseded before blindly following anintegration guide

26

Thanks for Coming!

Steven Evatt

Email: steven@evatt.com

Site: PriceChirp.com

Blog: www.evatt.com/blog

Twitter: @sevatt