BobbyMcWho-omniauth


OmniAuth is an extremely low-touch library. It is designed as a black box: when you need to authenticate a user of your application and get information back about them, you send the user into OmniAuth.

This is deliberate. OmniAuth was intentionally built not to automatically associate with a User model, not to make assumptions about how many authentication methods you might want to use, and not to dictate what you do with the data once a user has authenticated.

This makes OmniAuth incredibly flexible.

To use OmniAuth, you need only redirect users to /auth/:provider, where :provider is the name of the strategy (for example developer or twitter).
Is it really that simple to use? Just one /auth/:provider route?

OmniAuth will take over and take the user through the necessary steps to authenticate them with the chosen strategy.

Once the user has authenticated, what do you do next?

OmniAuth simply sets a special hash called the Authentication Hash on the Rack environment of a request to /auth/:provider/callback.

This hash contains as much information about the user as OmniAuth was able to glean from the utilized strategy.

You should set up an endpoint in your application that matches to the callback URL and then performs whatever steps are necessary for your application. For example, in a Rails app you would add a line in your routes.rb file like this:

post '/auth/:provider/callback', to: 'sessions#create'

And you might then have a SessionsController with code that looks something like this:

class SessionsController < ApplicationController
  # If you're using a strategy that POSTs during callback, you'll need to skip the authenticity token check for the callback action only. 
  skip_before_action :verify_authenticity_token, only: :create

  def create
    @user = User.find_or_create_from_auth_hash(auth_hash)
    self.current_user = @user
    redirect_to '/'
  end

  protected

  def auth_hash
    request.env['omniauth.auth']
  end
end

The omniauth.auth key in the environment hash provides an Authentication Hash which will contain information about the just authenticated user including a unique id, the strategy they just used for authentication, and personal details such as name and email address as available. For an in-depth description of what the authentication hash might contain, see the Auth Hash Schema wiki page.

Note that OmniAuth does not perform any actions beyond setting some environment information on the callback request. It is entirely up to you how you want to implement the particulars of your application's authentication flow.
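Since OmniAuth leaves the "what to do with the hash" part to the application, here is an added example (not code from the OmniAuth README or project) of what the User.find_or_create_from_auth_hash call in the controller above might do. It keeps an in-memory store and looks users up by the (provider, uid) pair from the hash, never by email, because two strategies can hand out the same uid and a provider-reported email is not necessarily verified. The class names (User, Identity, UserStore) and the sample hash are constructed for the example; the keys follow the Auth Hash Schema fields mentioned on this page (provider, uid, info.name, info.email), read here with string keys.

```ruby
# Added example, not OmniAuth project code: in-memory lookup of a local user from
# an OmniAuth authentication hash, keyed on the strategy-scoped (provider, uid) pair.
require 'securerandom'

# One external login: a (provider, uid) pair linked to a local user.
Identity = Struct.new(:provider, :uid, :user_id)

# Local user record. The email is stored for display only and is never used as a key.
User = Struct.new(:id, :name, :email)

class UserStore
  def initialize
    @users = {}       # id => User
    @identities = {}  # [provider, uid] => Identity
  end

  # Returns the existing user for this (provider, uid), or creates one. A uid alone is
  # not unique across providers, and an unverified email must not grant access to an
  # existing account, so the composite pair is the only lookup key.
  def find_or_create_from_auth_hash(auth)
    provider = auth['provider'].to_s
    uid = auth['uid'].to_s
    raise ArgumentError, 'auth hash missing provider or uid' if provider.empty? || uid.empty?

    identity = @identities[[provider, uid]]
    return @users[identity.user_id] if identity

    info = auth['info'] || {}
    user = User.new(SecureRandom.uuid, info['name'], info['email'])
    @users[user.id] = user
    @identities[[provider, uid]] = Identity.new(provider, uid, user.id)
    user
  end

  def user_count
    @users.size
  end
end

# Constructed sample, shaped like what request.env['omniauth.auth'] carries.
SAMPLE_AUTH = {
  'provider' => 'github',
  'uid' => '12345',
  'info' => { 'name' => 'Example User', 'email' => 'user@example.com' }
}.freeze

if __FILE__ == $PROGRAM_NAME
  store = UserStore.new
  user = store.find_or_create_from_auth_hash(SAMPLE_AUTH)
  puts "created #{user.name} (#{user.id}); users: #{store.user_count}"
end
```

In a real Rails app the store would be ActiveRecord and the identities would be a separate table with a unique index on (provider, uid); the point that survives is that a second strategy for the same person creates a new identity row, not a new account lookup by email.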

Please note: there is currently a CSRF vulnerability which affects OmniAuth (designated CVE-2015-9284) that requires mitigation at the application level. More details on how to do this can be found on the Wiki.
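The application-level mitigation the note refers to comes down to refusing to start the request phase (/auth/:provider) on a plain GET: the request must be a POST carrying an anti-CSRF token bound to the user's session. The following is an added example (not OmniAuth project code, and not the wiki's own text) of a minimal Rack-style middleware that enforces exactly that, placed in front of the OmniAuth::Builder middleware. The class name and the 'csrf_token' session key are hypothetical; 'rack.session', 'rack.input', PATH_INFO and REQUEST_METHOD are standard Rack env keys, and the stub app that stands in for OmniAuth is constructed for the example. In Rails the same behaviour is normally obtained from the omniauth-rails_csrf_protection gem rather than hand-written.

```ruby
# Added example, not OmniAuth project code: a Rack-style middleware that allows the
# OmniAuth request phase only as a POST with a CSRF token matching the session.
require 'securerandom'
require 'stringio'
require 'uri'

class OmniAuthRequestCsrfGuard
  TOKEN_KEY = 'csrf_token'.freeze
  # Matches the request phase (/auth/github, /auth/twitter/) but not the
  # callback (/auth/github/callback); /auth/failure is excluded below.
  REQUEST_PHASE = %r{\A/auth/([^/]+)/?\z}

  def initialize(app)
    @app = app
  end

  def call(env)
    return @app.call(env) unless request_phase?(env['PATH_INFO'].to_s)

    session = env['rack.session'] || {}
    expected = session[TOKEN_KEY]
    given = form_param(env, 'authenticity_token')

    if env['REQUEST_METHOD'] == 'POST' && valid_token?(expected, given)
      @app.call(env)
    else
      [403, { 'content-type' => 'text/plain' },
       ['Forbidden: the OmniAuth request phase requires a POST with a valid CSRF token']]
    end
  end

  private

  def request_phase?(path)
    m = REQUEST_PHASE.match(path)
    !m.nil? && m[1] != 'failure'
  end

  # Reads one form field from the body without consuming it for the downstream app.
  def form_param(env, name)
    input = env['rack.input']
    return nil unless input
    body = input.read.to_s
    input.rewind if input.respond_to?(:rewind)
    URI.decode_www_form(body).to_h[name]
  end

  def valid_token?(expected, given)
    return false if expected.nil? || given.nil?
    expected.bytesize == given.bytesize && secure_compare(expected, given)
  end

  # Constant-time comparison so a mismatch does not leak through timing.
  def secure_compare(a, b)
    diff = 0
    a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
    diff.zero?
  end
end

# Hypothetical downstream app standing in for OmniAuth's request-phase handler,
# which would redirect the browser to the provider.
STRATEGY_APP = ->(_env) { [302, { 'location' => 'https://provider.example/authorize' }, []] }

# Builds a constructed Rack env with an optional session and form body.
def build_env(method, path, session: {}, form: {})
  {
    'REQUEST_METHOD' => method,
    'PATH_INFO' => path,
    'rack.session' => session,
    'rack.input' => StringIO.new(URI.encode_www_form(form))
  }
end

# Status code the guarded stack returns for the given request.
def guarded_status(method, path, session: {}, form: {})
  guard = OmniAuthRequestCsrfGuard.new(STRATEGY_APP)
  guard.call(build_env(method, path, session: session, form: form)).first
end

if __FILE__ == $PROGRAM_NAME
  token = SecureRandom.hex(16)
  puts guarded_status('GET', '/auth/github', session: { 'csrf_token' => token })
  puts guarded_status('POST', '/auth/github', session: { 'csrf_token' => token },
                      form: { 'authenticity_token' => token })
end
```

The token itself has to be generated once per session and rendered into the login form (or a form helper) so that the browser submits it; the guard only checks it. The callback and failure paths are left alone because those are driven by the provider's redirect, not by the user's form.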

Configuring the origin param
The origin url parameter is typically used to inform where a user came from and where, should you choose to use it, they'd want to return to.

There are three possible options:

Default Flow:

# /auth/twitter/?origin=[URL]
# No change
# If blank, `omniauth.origin` is set to HTTP_REFERER

Renaming Origin Param:

# /auth/twitter/?return_to=[URL]
# If blank, `omniauth.origin` is set to HTTP_REFERER
provider :twitter, ENV['KEY'], ENV['SECRET'], origin_param: 'return_to'

Disabling Origin Param:

# /auth/twitter
# Origin handled externally, if need be. `omniauth.origin` is not set
provider :twitter, ENV['KEY'], ENV['SECRET'], origin_param: false
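Whichever of the three options is used, the value that ends up in omniauth.origin comes from the query string or the Referer header, so it is user-controlled and must not be passed straight to redirect_to. The following is an added example (not OmniAuth project code) of a helper the callback action can use to turn that value into a safe local return path: only an absolute path on this application, or an http(s) URL whose host is explicitly listed, is accepted, and anything else falls back to the default landing page. The function and constant names are hypothetical and the inputs in the demo are constructed.

```ruby
# Added example, not OmniAuth project code: reduce an omniauth.origin value to a
# local path so it cannot send the user to another host after the callback.
require 'uri'

DEFAULT_LANDING = '/'.freeze

# Returns origin when it names a location on this application, otherwise DEFAULT_LANDING.
# Accepted: a local absolute path, or an absolute http(s) URL whose host is in
# allowed_hosts (reduced to its path and query). Everything else falls back.
def safe_return_path(origin, allowed_hosts: [])
  return DEFAULT_LANDING if origin.nil? || origin.strip.empty?

  value = origin.strip
  # Backslashes are invalid in a URI, and some browsers treat '/\host' like '//host'.
  return DEFAULT_LANDING if value.include?('\\')

  uri = URI.parse(value)
  if uri.host
    # Absolute or protocol-relative ('//evil.example') URL: only listed hosts pass.
    return DEFAULT_LANDING unless %w[http https].include?(uri.scheme) && allowed_hosts.include?(uri.host)
  elsif uri.scheme
    # Opaque schemes such as javascript: or data: are never a place to return to.
    return DEFAULT_LANDING
  end

  path = uri.path.to_s
  path = DEFAULT_LANDING if path.empty?
  return DEFAULT_LANDING unless path.start_with?('/')

  uri.query ? "#{path}?#{uri.query}" : path
rescue URI::InvalidURIError
  DEFAULT_LANDING
end

if __FILE__ == $PROGRAM_NAME
  puts safe_return_path('/dashboard?tab=1')
  puts safe_return_path('//evil.example/phish')
  puts safe_return_path('https://app.example/settings', allowed_hosts: ['app.example'])
end
```

In the SessionsController shown earlier this would replace the fixed redirect_to '/' with redirect_to safe_return_path(request.env['omniauth.origin']); with origin_param: false there is nothing to validate and the fixed landing page stays.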


Integrating OmniAuth into your Rails API

The following middleware are (by default) included for session management in Rails applications. When using OmniAuth with a Rails API, you'll need to add one of these required middleware back in:

Session management
  • ActionDispatch::Session::CacheStore
  • ActionDispatch::Session::CookieStore
  • ActionDispatch::Session::MemCacheStore

Passing session_options back in
The trick to adding these back in is that, by default, they are passed session_options when added (including the session key), so you can't just add a session_store.rb initializer, add use ActionDispatch::Session::CookieStore and have sessions functioning as normal.


To be clear: sessions may work, but your session options will be ignored (i.e. the session key will default to _session_id). Instead of the initializer, you'll have to set the relevant options somewhere before your middleware is built (like application.rb) and pass them to your preferred middleware, like this:

application.rb:

config.session_store :cookie_store, key: '_interslice_session'
config.middleware.use ActionDispatch::Cookies # Required for all session management
config.middleware.use ActionDispatch::Session::CookieStore, config.session_options


OmniAuth is a Ruby authentication framework aimed at abstracting away the difficulties of working with various types of authentication providers.
It is meant to be hooked up to just about any system, from social networks to enterprise systems to simple username and password authentication.

It is very simple to use, but not so simple to understand.
1. Gemfile

gem 'omniauth-github', github: 'intridea/omniauth-github'
gem 'omniauth-openid', github: 'intridea/omniauth-openid'

2. You can use the OmniAuth::Builder Rack middleware to build up your list of OmniAuth strategies for use in your application:

use OmniAuth::Builder do
  provider :github, ENV['GITHUB_KEY'], ENV['GITHUB_SECRET']
  provider :openid, store: OpenID::Store::Filesystem.new('/tmp')
end

3. Using OmniAuth inside a Rails application: when using OmniAuth in a Rails application you can add it to your middleware:

Rails.application.config.middleware.use OmniAuth::Builder do
  require 'openid/store/filesystem'
  provider :github, ENV['GITHUB_KEY'], ENV['GITHUB_SECRET']
  provider :openid, store: OpenID::Store::Filesystem.new('/tmp')
end


Also of note, by default, if user authentication fails on the provider side, OmniAuth will catch the response and then redirect the request to the path /auth/failure, passing a corresponding error message in a parameter named message. You may want to add an action to catch these cases. In a Sinatra app, for example, you could add an action like this:

get '/auth/failure' do
  flash[:notice] = params[:message] # if using sinatra-flash or rack-flash
  redirect '/'
end