Your SlideShare is downloading. ×
0
OmniAuth:                      From the Ground Up                          Michael Bleigh / RailsConf 2011Wednesday, May 1...
Michael BleighWednesday, May 18, 2011
@mbleighWednesday, May 18, 2011
@intrideaWednesday, May 18, 2011
OmniAuth                github.com/intridea/omniauthWednesday, May 18, 2011
Wednesday, May 18, 2011
OmniAuth!                github.com/intridea/omniauthWednesday, May 18, 2011
Login with                           anythingWednesday, May 18, 2011
Assume                               nothing*                          *plus or minus a few small assumptionsWednesday, Ma...
Past.                          Present.                          Future.Wednesday, May 18, 2011
Past!                          The why of OmniAuthWednesday, May 18, 2011
Why are there               so many #&@$!                authentication                  libraries?Wednesday, May 18, 2011
devise                       authlogic                       clearance                        sorcery                restf...
Assumptions.Wednesday, May 18, 2011
I only need one User model.        Users will sign up and provide a password.        Only e-mail can validate users.      ...
Wednesday, May 18, 2011
Wednesday, May 18, 2011
Can we do                           better?Wednesday, May 18, 2011
We need a single,              normalized system                          for authentication.Wednesday, May 18, 2011
I Need Auth                          MAGIC!                             User InfoWednesday, May 18, 2011
OmniAuthWednesday, May 18, 2011
It takes a while to            make easy things.                          March 30, 2010        First Commit              ...
October 1, 2010                           0.1.0                      10 providers,                      3 contributorsWedn...
April 21, 2011                          0.2.3                  36 providers,                 52 contributorsWednesday, May...
Today                          master                  47 providers,                 76 contributorsWednesday, May 18, 2011
Wednesday, May 18, 2011
Present!        The now of OmniAuthWednesday, May 18, 2011
Wednesday, May 18, 2011
Good News!                    We’re living in                     the future*              *or an unrealeased git branch b...
gem ‘omniauth’,          :git => ‘git://github.com/intridea/omniauth.git’,          :branch => ‘1.0-beta’Wednesday, May 18...
@sferikWednesday, May 18, 2011
“...has commit access to just          about every repo on GitHub”                          - Josh KalderimisWednesday, Ma...
oa-identity                          Login and Password with                           OmniAuth PhilosophyWednesday, May 1...
Inevitable, but                        difficult.Wednesday, May 18, 2011
Avoiding                          AssumptionsWednesday, May 18, 2011
Do almost                           nothing.Wednesday, May 18, 2011
user model                e-mail verify                    fancy               JUST IDENTITYWednesday, May 18, 2011
/auth/identity           /auth/identity/callback           /auth/identity/registerWednesday, May 18, 2011
Identity in action?                          Socialspring                           PassportWednesday, May 18, 2011
Requirements                   •      Social and traditional auth                   •      Strict e-mail verification      ...
Let’s see what                      happens...Wednesday, May 18, 2011
[ livecoding ]Wednesday, May 18, 2011
OmniAuth as                your only auth*                          *if you like it that way, like I do.Wednesday, May 18,...
OmniAuth as a                   FrameworkWednesday, May 18, 2011
Perception                          PerceptionWednesday, May 18, 2011
image via stopdropandrew.com             Let’s kill the magic.Wednesday, May 18, 2011
RealityWednesday, May 18, 2011
The Guts                   • OmniAuth is just middleware                   • Each provider is a strategy                  ...
The User Info Hash      {      	  	  “provider”	  =>	  “friendface”,      	  	  “uid”	  =>	  “123456”,      	  	  “user_in...
The Bare Minimum      {      	  	  “provider”	  =>	  “minimal”,      	  	  “uid”	  =>	  “123456”,      	  	  “user_info”	 ...
Request Phase                            /auth/:provider                   • Requests information of the user             ...
Callback Phase                            /auth/:provider/callback                   • Creates the user info hash         ...
Enough talk.                          Let’s BUILD!Wednesday, May 18, 2011
[ livecoding ]Wednesday, May 18, 2011
Future!         The what’s next of OmniAuthWednesday, May 18, 2011
Fostering                          ContributionWednesday, May 18, 2011
TestingWednesday, May 18, 2011
Y U NO HAVE TESTS?Wednesday, May 18, 2011
API Calls with remote site        interaction and credential              requirements.                   To 40+ different ...
I had to choose:                  Test it all, or                release it ever.Wednesday, May 18, 2011
Testing is                     priority #1                    going forward.Wednesday, May 18, 2011
SUP DAWG I HEARD YOU LIKE TESTING GEMS  SO I MADE A GEM TO TEST YOUR GEM AND WROTE    TESTS FOR IT SO YOU CAN TEST MY GEM ...
Help me. Please.Wednesday, May 18, 2011
Documentation         (for contributors)Wednesday, May 18, 2011
ConvenienceWednesday, May 18, 2011
Massaging                          Pain PointsWednesday, May 18, 2011
Rails Integration             (via a separate gem)Wednesday, May 18, 2011
Documentation                  (for users)Wednesday, May 18, 2011
Moar Strategies                          (written by not me)Wednesday, May 18, 2011
Moar Suggestions!Wednesday, May 18, 2011
Thanks! Questions?                    http://spkr8.com/t/7512                    @mbleigh @intridea               github.c...
Upcoming SlideShare
Loading in...5
×

OmniAuth: From the Ground Up (RailsConf 2011)

4,652

Published on

Slides associated with RailsConf 2011 presentation on OmniAuth.

Published in: Technology, Business
1 Comment
4 Likes
Statistics
Notes
No Downloads
Views
Total Views
4,652
On Slideshare
0
From Embeds
0
Number of Embeds
2
Actions
Shares
0
Downloads
66
Comments
1
Likes
4
Embeds 0
No embeds

No notes for slide

Transcript of "OmniAuth: From the Ground Up (RailsConf 2011)"

  1. 1. OmniAuth: From the Ground Up Michael Bleigh / RailsConf 2011Wednesday, May 18, 2011
  2. 2. Michael BleighWednesday, May 18, 2011
  3. 3. @mbleighWednesday, May 18, 2011
  4. 4. @intrideaWednesday, May 18, 2011
  5. 5. OmniAuth github.com/intridea/omniauthWednesday, May 18, 2011
  6. 6. Wednesday, May 18, 2011
  7. 7. OmniAuth! github.com/intridea/omniauthWednesday, May 18, 2011
  8. 8. Login with anythingWednesday, May 18, 2011
  9. 9. Assume nothing* *plus or minus a few small assumptionsWednesday, May 18, 2011
  10. 10. Past. Present. Future.Wednesday, May 18, 2011
  11. 11. Past! The why of OmniAuthWednesday, May 18, 2011
  12. 12. Why are there so many #&@$! authentication libraries?Wednesday, May 18, 2011
  13. 13. devise authlogic clearance sorcery restful-authentication, and so on...Wednesday, May 18, 2011
  14. 14. Assumptions.Wednesday, May 18, 2011
  15. 15. I only need one User model. Users will sign up and provide a password. Only e-mail can validate users. I only need one authentication method. I’m only going to use Rails in my app. I don’t have variable deploy targets. I don’t want to customize much.Wednesday, May 18, 2011
  16. 16. Wednesday, May 18, 2011
  17. 17. Wednesday, May 18, 2011
  18. 18. Can we do better?Wednesday, May 18, 2011
  19. 19. We need a single, normalized system for authentication.Wednesday, May 18, 2011
  20. 20. I Need Auth MAGIC! User InfoWednesday, May 18, 2011
  21. 21. OmniAuthWednesday, May 18, 2011
  22. 22. It takes a while to make easy things. March 30, 2010 First Commit October 1, 2010 0.1.0 (public release)Wednesday, May 18, 2011
  23. 23. October 1, 2010 0.1.0 10 providers, 3 contributorsWednesday, May 18, 2011
  24. 24. April 21, 2011 0.2.3 36 providers, 52 contributorsWednesday, May 18, 2011
  25. 25. Today master 47 providers, 76 contributorsWednesday, May 18, 2011
  26. 26. Wednesday, May 18, 2011
  27. 27. Present! The now of OmniAuthWednesday, May 18, 2011
  28. 28. Wednesday, May 18, 2011
  29. 29. Good News! We’re living in the future* *or an unrealeased git branch beta thereofWednesday, May 18, 2011
  30. 30. gem ‘omniauth’, :git => ‘git://github.com/intridea/omniauth.git’, :branch => ‘1.0-beta’Wednesday, May 18, 2011
  31. 31. @sferikWednesday, May 18, 2011
  32. 32. “...has commit access to just about every repo on GitHub” - Josh KalderimisWednesday, May 18, 2011
  33. 33. oa-identity Login and Password with OmniAuth PhilosophyWednesday, May 18, 2011
  34. 34. Inevitable, but difficult.Wednesday, May 18, 2011
  35. 35. Avoiding AssumptionsWednesday, May 18, 2011
  36. 36. Do almost nothing.Wednesday, May 18, 2011
  37. 37. user model e-mail verify fancy JUST IDENTITYWednesday, May 18, 2011
  38. 38. /auth/identity /auth/identity/callback /auth/identity/registerWednesday, May 18, 2011
  39. 39. Identity in action? Socialspring PassportWednesday, May 18, 2011
  40. 40. Requirements • Social and traditional auth • Strict e-mail verification • Multiple e-mails, multiple authentications per user • Flexible enough to work with LDAP etc. for behind-the-firewall installs • Automatic account creation based on confirmed email domainsWednesday, May 18, 2011
  41. 41. Let’s see what happens...Wednesday, May 18, 2011
  42. 42. [ livecoding ]Wednesday, May 18, 2011
  43. 43. OmniAuth as your only auth* *if you like it that way, like I do.Wednesday, May 18, 2011
  44. 44. OmniAuth as a FrameworkWednesday, May 18, 2011
  45. 45. Perception PerceptionWednesday, May 18, 2011
  46. 46. image via stopdropandrew.com Let’s kill the magic.Wednesday, May 18, 2011
  47. 47. RealityWednesday, May 18, 2011
  48. 48. The Guts • OmniAuth is just middleware • Each provider is a strategy • Each strategy is a class • Each strategy has phases: • Request Phase • Callback PhaseWednesday, May 18, 2011
  49. 49. The User Info Hash {    “provider”  =>  “friendface”,    “uid”  =>  “123456”,    “user_info”  =>  {        “nickname”  =>  “mbleigh”,        “name”  =>  “Michael  Bleigh”,        “email”  =>  “michael@intridea.com”    },    “credentials”  =>  {        “token”  =>  “120942310491asfas-­‐213-­‐0123”    } }Wednesday, May 18, 2011
  50. 50. The Bare Minimum {    “provider”  =>  “minimal”,    “uid”  =>  “123456”,    “user_info”  =>  {        “name”  =>  “Michael  Bleigh”    } }Wednesday, May 18, 2011
  51. 51. Request Phase /auth/:provider • Requests information of the user • For OAuth, redirects to provider • For OpenID, requests URL • For LDAP, requests user/passWednesday, May 18, 2011
  52. 52. Callback Phase /auth/:provider/callback • Creates the user info hash • For OAuth, grabs and uses access token to fetch user info • For OpenID, parses the response • For LDAP, retrieves directory infoWednesday, May 18, 2011
  53. 53. Enough talk. Let’s BUILD!Wednesday, May 18, 2011
  54. 54. [ livecoding ]Wednesday, May 18, 2011
  55. 55. Future! The what’s next of OmniAuthWednesday, May 18, 2011
  56. 56. Fostering ContributionWednesday, May 18, 2011
  57. 57. TestingWednesday, May 18, 2011
  58. 58. Y U NO HAVE TESTS?Wednesday, May 18, 2011
  59. 59. API Calls with remote site interaction and credential requirements. To 40+ different sites.Wednesday, May 18, 2011
  60. 60. I had to choose: Test it all, or release it ever.Wednesday, May 18, 2011
  61. 61. Testing is priority #1 going forward.Wednesday, May 18, 2011
  62. 62. SUP DAWG I HEARD YOU LIKE TESTING GEMS SO I MADE A GEM TO TEST YOUR GEM AND WROTE TESTS FOR IT SO YOU CAN TEST MY GEM FOR TESTING YOUR GEM WHILE YOU TEST YOUR GEMWednesday, May 18, 2011
  63. 63. Help me. Please.Wednesday, May 18, 2011
  64. 64. Documentation (for contributors)Wednesday, May 18, 2011
  65. 65. ConvenienceWednesday, May 18, 2011
  66. 66. Massaging Pain PointsWednesday, May 18, 2011
  67. 67. Rails Integration (via a separate gem)Wednesday, May 18, 2011
  68. 68. Documentation (for users)Wednesday, May 18, 2011
  69. 69. Moar Strategies (written by not me)Wednesday, May 18, 2011
  70. 70. Moar Suggestions!Wednesday, May 18, 2011
  71. 71. Thanks! Questions? http://spkr8.com/t/7512 @mbleigh @intridea github.com/intridea/omniauthWednesday, May 18, 2011
  1. A particular slide catching your eye?

    Clipping is a handy way to collect important slides you want to go back to later.

×