Your SlideShare is downloading. ×
OmniAuth: From the Ground Up
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×

Saving this for later?

Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime - even offline.

Text the download link to your phone

Standard text messaging rates apply

OmniAuth: From the Ground Up

14,075
views

Published on

Slides from my Red Dirt Ruby Conf 2011 talk about OmniAuth. Source code at https://github.com/mbleigh/omniauth-from-the-ground-up

Slides from my Red Dirt Ruby Conf 2011 talk about OmniAuth. Source code at https://github.com/mbleigh/omniauth-from-the-ground-up

Published in: Technology

0 Comments
4 Likes
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total Views
14,075
On Slideshare
0
From Embeds
0
Number of Embeds
2
Actions
Shares
0
Downloads
25
Comments
0
Likes
4
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  • 1. OmniAuth:From the Ground UpMichael Bleigh / Red Dirt Ruby Conf 2011
  • 2. Michael Bleigh
  • 3. @mbleigh
  • 4. @intridea
  • 5. OmniAuth!github.com/intridea/omniauth
  • 6. Not JUST RailsIt’s Rack, Baby!
  • 7. Login viaanything
  • 8. Past.Present.Future.
  • 9. Past!The why of OmniAuth
  • 10. Why are thereso many Rubyauthentication solutions?
  • 11. Assumptions.
  • 12. I only need one User model.Users will sign up and provide a password.Only e-mail can validate users.I only need one authentication method.I’m only going to use Rails in my app.I don’t want to customize anything.
  • 13. Magic in all thewrong places.
  • 14. Can we do better?
  • 15. I Need Auth MAGIC! User Info
  • 16. OmniAuth
  • 17. An expanding,normalized system for external authentication.
  • 18. It takes a while tomake easy things. March 30, 2010 First Commit October 1, 2010 0.1.0 (public release)
  • 19. 0.1.010 providers,3 contributors
  • 20. 0.2.3 36 providers,52 contributors
  • 21. 37signals Bit.ly CAS DailyMile Doit.im Dopplr Evernote FacebookFlickr Foursquare GitHub Goodreads Google Google Apps Gowalla HyvesIdenti.ca Instagram Instapaper LDAP LinkedIn Meetup Miso Mixi Netflix OpenID Salesforce SmugMug SoundCloud TeamBox TradeMe TripIt Tumblr Twitter Vimeo Vkontakte YouTube
  • 22. Present!The how of OmniAuth
  • 23. image via stopdropandrew.comLet’s kill the magic.
  • 24. The Guts• OmniAuth is just middleware• Each provider is a strategy• Each strategy has three phases: • Setup Phase • Request Phase • Callback Phase
  • 25. The User Info Hash{    “provider”  =>  “friendface”,    “uid”  =>  “123456”,    “user_info”  =>  {        “nickname”  =>  “mbleigh”,        “name”  =>  “Michael  Bleigh”,        “email”  =>  “michael@intridea.com”    },    “auth”  =>  {        “token”  =>  “120942310491asfas-­‐213-­‐0123”    }}
  • 26. The Bare Minimum{    “provider”  =>  “minimal”,    “uid”  =>  “123456”,    “user_info”  =>  {        “name”  =>  “Michael  Bleigh”    }}
  • 27. Setup Phase•Optional (:setup  =>  true)• Calls through to app to allow: • Dynamic provider credentials • Runtime strategy modification • Stuff I haven’t thought of
  • 28. Request Phase /auth/:provider• Requests information of the user • For OAuth, redirects to provider • For OpenID, requests URL • For LDAP, requests user/pass
  • 29. Callback Phase /auth/:provider/callback• Creates the user info hash• For OAuth, grabs and uses access token to fetch user info• For OpenID, parses the response• For LDAP, retrieves directory info
  • 30. Roll your own!
  • 31. Hell yeah! LightningLivecoding!
  • 32. Future!The what now of OmniAuth
  • 33. OmniAuth forinternal auth?
  • 34. oa-identity• Treat internal auth like an external provider• Same flow (request, callback)• Customizable user info• Mission: RailsConf!
  • 35. Playing evennicer with others.
  • 36. RobusterRails integration.
  • 37. oa-rails• Authentication model generator• Convenience hooks for building your stable of providers• An (optional) fully automatic engine-based auth flow
  • 38. Dev Friendliness
  • 39. [your  idea  here]
  • 40. Thanks! http://spkr8.com/t/7281 @mbleigh @intrideagithub.com/intridea/omniauth