OmniAuth: From the Ground Up

Slides from my Red Dirt Ruby Conf 2011 talk about OmniAuth. Source code at https://github.com/mbleigh/omniauth-from-the-ground-up

  1. OmniAuth: From the Ground Up. Michael Bleigh / Red Dirt Ruby Conf 2011
  2. Michael Bleigh
  3. @mbleigh
  4. @intridea
  5. OmniAuth! github.com/intridea/omniauth
  6. Not JUST Rails: It’s Rack, Baby!
  7. Login via anything
  8. Past. Present. Future.
  9. Past! The why of OmniAuth
  10. Why are there so many Ruby authentication solutions?
  11. Assumptions.
  12. I only need one User model. Users will sign up and provide a password. Only e-mail can validate users. I only need one authentication method. I’m only going to use Rails in my app. I don’t want to customize anything.
  13. Magic in all the wrong places.
  14. Can we do better?
  15. I Need Auth MAGIC! User Info
  16. OmniAuth
  17. An expanding, normalized system for external authentication.
  18. It takes a while to make easy things. March 30, 2010: First Commit. October 1, 2010: 0.1.0 (public release)
  19. 0.1.0: 10 providers, 3 contributors
  20. 0.2.3: 36 providers, 52 contributors
  21. 37signals, Bit.ly, CAS, DailyMile, Doit.im, Dopplr, Evernote, Facebook, Flickr, Foursquare, GitHub, Goodreads, Google, Google Apps, Gowalla, Hyves, Identi.ca, Instagram, Instapaper, LDAP, LinkedIn, Meetup, Miso, Mixi, Netflix, OpenID, Salesforce, SmugMug, SoundCloud, TeamBox, TradeMe, TripIt, Tumblr, Twitter, Vimeo, Vkontakte, YouTube
  22. Present! The how of OmniAuth
  23. Let’s kill the magic. (image via stopdropandrew.com)
  24. The Guts
      • OmniAuth is just middleware
      • Each provider is a strategy
      • Each strategy has three phases:
          • Setup Phase
          • Request Phase
          • Callback Phase
  25. The User Info Hash
      {
        "provider" => "friendface",
        "uid" => "123456",
        "user_info" => {
          "nickname" => "mbleigh",
          "name" => "Michael Bleigh",
          "email" => "michael@intridea.com"
        },
        "auth" => {
          "token" => "120942310491asfas-213-0123"
        }
      }
  26. The Bare Minimum
      {
        "provider" => "minimal",
        "uid" => "123456",
        "user_info" => {
          "name" => "Michael Bleigh"
        }
      }
  27. Setup Phase
      • Optional (:setup => true)
      • Calls through to app to allow:
          • Dynamic provider credentials
          • Runtime strategy modification
          • Stuff I haven’t thought of
  28. Request Phase: /auth/:provider
      • Requests information of the user
          • For OAuth, redirects to provider
          • For OpenID, requests URL
          • For LDAP, requests user/pass
  29. Callback Phase: /auth/:provider/callback
      • Creates the user info hash
      • For OAuth, grabs and uses access token to fetch user info
      • For OpenID, parses the response
      • For LDAP, retrieves directory info
  30. Roll your own!
  31. Hell yeah! Lightning Livecoding!
  32. Future! The what now of OmniAuth
  33. OmniAuth for internal auth?
  34. oa-identity
      • Treat internal auth like an external provider
      • Same flow (request, callback)
      • Customizable user info
      • Mission: RailsConf!
  35. Playing even nicer with others.
  36. Robuster Rails integration.
  37. oa-rails
      • Authentication model generator
      • Convenience hooks for building your stable of providers
      • An (optional) fully automatic engine-based auth flow
  38. Dev Friendliness
  39. [your idea here]
  40. Thanks! http://spkr8.com/t/7281 @mbleigh @intridea github.com/intridea/omniauth
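
The setup, request and callback phases from slides 24 to 29, as an added Ruby example that is not from the talk or from OmniAuth itself: a gem-free middleware following Rack's call(env) convention that produces the "bare minimum" hash from slide 26. The class name, the "demo.auth" env key and the :lookup and :setup options are assumptions made for illustration.

```ruby
require "uri"

# Added illustration, not OmniAuth's code: a Rack-convention middleware
# (call(env) -> [status, headers, body]) written without any gems.
class MinimalStrategy
  AUTH_KEY = "demo.auth" # hypothetical env key chosen for this example

  # options[:lookup] (hypothetical): callable(user, pass) -> info hash or nil
  # options[:setup]  (hypothetical): optional callable(env, options)
  def initialize(app, options = {})
    @app, @options = app, options
  end

  def call(env)
    case [env["REQUEST_METHOD"], env["PATH_INFO"]]
    when ["GET", "/auth/minimal"]           then request_phase(env)
    when ["POST", "/auth/minimal/callback"] then callback_phase(env)
    else @app.call(env) # not an auth route: pass through untouched
    end
  end

  private

  # Setup phase: optional hook so the app can adjust the strategy at runtime.
  def setup_phase(env)
    @options[:setup].call(env, @options) if @options[:setup]
  end

  # Request phase: ask the user for information (here, a user/pass form).
  def request_phase(env)
    setup_phase(env)
    form = '<form method="post" action="/auth/minimal/callback">' \
           '<input name="user"><input name="pass" type="password"></form>'
    [200, { "Content-Type" => "text/html" }, [form]]
  end

  # Callback phase: verify, build the user info hash, hand it to the app.
  def callback_phase(env)
    setup_phase(env)
    params = URI.decode_www_form(env["rack.input"].read).to_h
    info = @options[:lookup].call(params["user"].to_s, params["pass"].to_s)
    return [401, { "Content-Type" => "text/plain" }, ["denied"]] unless info
    # uid comes from the verified lookup result, never from the raw form.
    env[AUTH_KEY] = { "provider" => "minimal", "uid" => info.fetch("uid"),
                      "user_info" => { "name" => info.fetch("name") } }
    @app.call(env)
  end
end
```

The downstream app reads the hash from the env only after the callback phase has succeeded; a failed lookup never reaches it.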