As all we know oauth its one of the most popular methods to signup to many websites throught another 3rd patry services, and at this point probably you should know how to implement with omniauth gem. But many times we encounter some problems durning the development of this fancy feature. Here are my recomendations
Secure your API Keys
Many times we push our code on open source repos without consider that other people (with bad intentions) could read it, so we do something like this
Rails.application.config.middleware.use OmniAuth::Builder do provider :twitter, '611798630625', 'c699f703f247ee23ce447850' end
That is not too much dangerous to run and scream, just take the necesary precautions and set those variables inside the rails enviroment
Rails.application.config.middleware.use OmniAuth::Builder do provider :twitter, ENV['TWITTER_KEY'], ENV['TWITTER_SECRET'] end
Diferent Keys for Enviroments
The reason of that its because in some api providers like facebook doesn’t support multiple callbacks in diferents urls, so I think it will be a good practice to do this
Rails.application.config.middleware.use OmniAuth::Builder do provider :twitter, ENV[Rails.env]['TWITTER_KEY'], ENV[Rails.env]['TWITTER_SECRET'] end
Yeah! I know its a lot of configuration, but that allow you to work and test with your 3rd Party provider better
Google Apps vs Google Oauth2
Since everyone have a google account, everyone want to use it (thats because som users feel more confident to login through google instead a common social network like facebook or twitter). But which its the best solution?
For groups who uses google apps, that is the easiest way: Include the gem
After you add the gem you will need to require some libraries on your omniauth initializer file
and because we dont need to create api keys you will use open id
provider :google_apps, store: OpenID::Store::Filesystem.new('/tmp'), domain: 'yourdomain.com'
and that will work for an specific domain name
For a regular gmail account, but here we will need to add API keys… but where? Ok Go here and get some API keys for Oauth2 https://code.google.com/apis/console and also dont forget to add some permissions for the google api’s that you want to use.
The rest of the configurartion for omniauth its almost the same, but for the api use, that will be another show.