SlideShare a Scribd company logo
1 of 71
Download to read offline
OmniAuth:
                      From the Ground Up

                          Michael Bleigh / RailsConf 2011




Wednesday, May 18, 2011
Michael Bleigh


Wednesday, May 18, 2011
@mbleigh

Wednesday, May 18, 2011
@intridea

Wednesday, May 18, 2011
OmniAuth
                github.com/intridea/omniauth




Wednesday, May 18, 2011
Wednesday, May 18, 2011
OmniAuth!
                github.com/intridea/omniauth




Wednesday, May 18, 2011
Login with
                           anything

Wednesday, May 18, 2011
Assume
                               nothing*
                          *plus or minus a few small assumptions



Wednesday, May 18, 2011
Past.
                          Present.
                          Future.
Wednesday, May 18, 2011
Past!
                          The why of OmniAuth


Wednesday, May 18, 2011
Why are there
               so many #&@$!
                authentication
                  libraries?
Wednesday, May 18, 2011
devise
                       authlogic
                       clearance
                        sorcery
                restful-authentication,
                      and so on...
Wednesday, May 18, 2011
Assumptions.

Wednesday, May 18, 2011
I only need one User model.
        Users will sign up and provide a password.
        Only e-mail can validate users.
        I only need one authentication method.
        I’m only going to use Rails in my app.
        I don’t have variable deploy targets.
        I don’t want to customize much.

Wednesday, May 18, 2011
Wednesday, May 18, 2011
Wednesday, May 18, 2011
Can we do
                           better?
Wednesday, May 18, 2011
We need a single,
              normalized system
                          for authentication.


Wednesday, May 18, 2011
I Need Auth

                          MAGIC!




                             User Info
Wednesday, May 18, 2011
OmniAuth
Wednesday, May 18, 2011
It takes a while to
            make easy things.
                          March 30, 2010        First Commit


                          October 1, 2010   0.1.0 (public release)



Wednesday, May 18, 2011
October 1, 2010

                           0.1.0
                      10 providers,
                      3 contributors
Wednesday, May 18, 2011
April 21, 2011

                          0.2.3
                  36 providers,
                 52 contributors
Wednesday, May 18, 2011
Today

                          master
                  47 providers,
                 76 contributors
Wednesday, May 18, 2011
Wednesday, May 18, 2011
Present!        The now of OmniAuth


Wednesday, May 18, 2011
Wednesday, May 18, 2011
Good News!
                    We’re living in
                     the future*
              *or an unrealeased git branch beta thereof


Wednesday, May 18, 2011
gem ‘omniauth’,
          :git => ‘git://github.com/intridea/omniauth.git’,
          :branch => ‘1.0-beta’




Wednesday, May 18, 2011
@sferik

Wednesday, May 18, 2011
“...has commit access to just
          about every repo on GitHub”

                          - Josh Kalderimis



Wednesday, May 18, 2011
oa-identity
                          Login and Password with
                           OmniAuth Philosophy




Wednesday, May 18, 2011
Inevitable, but
                        difficult.

Wednesday, May 18, 2011
Avoiding
                          Assumptions

Wednesday, May 18, 2011
Do almost
                           nothing.

Wednesday, May 18, 2011
user model
                e-mail verify
                    fancy
               JUST IDENTITY
Wednesday, May 18, 2011
/auth/identity
           /auth/identity/callback
           /auth/identity/register

Wednesday, May 18, 2011
Identity in action?
                          Socialspring
                           Passport

Wednesday, May 18, 2011
Requirements
                   •      Social and traditional auth

                   •      Strict e-mail verification

                   •      Multiple e-mails, multiple authentications
                          per user

                   •      Flexible enough to work with LDAP etc. for
                          behind-the-firewall installs

                   •      Automatic account creation based on
                          confirmed email domains


Wednesday, May 18, 2011
Let’s see what
                      happens...

Wednesday, May 18, 2011
[ livecoding ]



Wednesday, May 18, 2011
OmniAuth as
                your only auth*
                          *if you like it that way, like I do.



Wednesday, May 18, 2011
OmniAuth as a
                   Framework

Wednesday, May 18, 2011
Perception

                          Perception


Wednesday, May 18, 2011
image via stopdropandrew.com




             Let’s kill the magic.
Wednesday, May 18, 2011
Reality




Wednesday, May 18, 2011
The Guts
                   • OmniAuth is just middleware
                   • Each provider is a strategy
                   • Each strategy is a class
                   • Each strategy has phases:
                    • Request Phase
                    • Callback Phase
Wednesday, May 18, 2011
The User Info Hash
      {
      	
  	
  “provider”	
  =>	
  “friendface”,
      	
  	
  “uid”	
  =>	
  “123456”,
      	
  	
  “user_info”	
  =>	
  {
      	
  	
  	
  	
  “nickname”	
  =>	
  “mbleigh”,
      	
  	
  	
  	
  “name”	
  =>	
  “Michael	
  Bleigh”,
      	
  	
  	
  	
  “email”	
  =>	
  “michael@intridea.com”
      	
  	
  },
      	
  	
  “credentials”	
  =>	
  {
      	
  	
  	
  	
  “token”	
  =>	
  “120942310491asfas-­‐213-­‐0123”
      	
  	
  }
      }

Wednesday, May 18, 2011
The Bare Minimum

      {
      	
  	
  “provider”	
  =>	
  “minimal”,
      	
  	
  “uid”	
  =>	
  “123456”,
      	
  	
  “user_info”	
  =>	
  {
      	
  	
  	
  	
  “name”	
  =>	
  “Michael	
  Bleigh”
      	
  	
  }
      }




Wednesday, May 18, 2011
Request Phase
                            /auth/:provider

                   • Requests information of the user
                    • For OAuth, redirects to provider
                    • For OpenID, requests URL
                    • For LDAP, requests user/pass

Wednesday, May 18, 2011
Callback Phase
                            /auth/:provider/callback

                   • Creates the user info hash
                   • For OAuth, grabs and uses access
                          token to fetch user info
                   • For OpenID, parses the response
                   • For LDAP, retrieves directory info
Wednesday, May 18, 2011
Enough talk.
                          Let’s BUILD!

Wednesday, May 18, 2011
[ livecoding ]



Wednesday, May 18, 2011
Future!
         The what’s next of OmniAuth


Wednesday, May 18, 2011
Fostering
                          Contribution

Wednesday, May 18, 2011
Testing


Wednesday, May 18, 2011
Y U NO HAVE TESTS?




Wednesday, May 18, 2011
API Calls with remote site
        interaction and credential
              requirements.

                   To 40+ different sites.

Wednesday, May 18, 2011
I had to choose:
                  Test it all, or
                release it ever.

Wednesday, May 18, 2011
Testing is
                     priority #1
                    going forward.

Wednesday, May 18, 2011
SUP DAWG I HEARD YOU LIKE TESTING GEMS




  SO I MADE A GEM TO TEST YOUR GEM AND WROTE
    TESTS FOR IT SO YOU CAN TEST MY GEM FOR
   TESTING YOUR GEM WHILE YOU TEST YOUR GEM
Wednesday, May 18, 2011
Help me. Please.


Wednesday, May 18, 2011
Documentation
         (for contributors)

Wednesday, May 18, 2011
Convenience


Wednesday, May 18, 2011
Massaging
                          Pain Points

Wednesday, May 18, 2011
Rails Integration
             (via a separate gem)


Wednesday, May 18, 2011
Documentation
                  (for users)

Wednesday, May 18, 2011
Moar Strategies
                          (written by not me)



Wednesday, May 18, 2011
Moar Suggestions!


Wednesday, May 18, 2011
Thanks! Questions?
                    http://spkr8.com/t/7512
                    @mbleigh @intridea
               github.com/intridea/omniauth

Wednesday, May 18, 2011

More Related Content

Similar to OmniAuth: From the Ground Up (RailsConf 2011)

Src2011 killer clouds
Src2011 killer cloudsSrc2011 killer clouds
Src2011 killer cloudsPaul Cameron
 
Teaching and Engaging Students
Teaching and Engaging StudentsTeaching and Engaging Students
Teaching and Engaging StudentsDanika Barker
 
Doctrine in the Real World
Doctrine in the Real WorldDoctrine in the Real World
Doctrine in the Real WorldJonathan Wage
 
Machines Talking To Themselves - Internet Of Things 101
Machines Talking To Themselves - Internet Of Things 101Machines Talking To Themselves - Internet Of Things 101
Machines Talking To Themselves - Internet Of Things 101Martin Spindler
 
RailsConf Keynote - History of Ruby
RailsConf Keynote - History of RubyRailsConf Keynote - History of Ruby
RailsConf Keynote - History of RubyDr Nic Williams
 
American Fraternal Alliance -- Keynote & Breakout
American Fraternal Alliance -- Keynote & BreakoutAmerican Fraternal Alliance -- Keynote & Breakout
American Fraternal Alliance -- Keynote & BreakoutNametag Scott Ginsberg
 
Yal bridge socent-examples
Yal bridge socent-examplesYal bridge socent-examples
Yal bridge socent-examplesRama Chakaki
 
10 Web Development Concepts a Designer Should Know
10 Web Development Concepts a Designer Should Know10 Web Development Concepts a Designer Should Know
10 Web Development Concepts a Designer Should KnowRachel Andrew
 
Writing for people
Writing for peopleWriting for people
Writing for peoplefreerobby
 
Cornell Food Executives - Rebecca Ryan Presentation
Cornell Food Executives - Rebecca Ryan PresentationCornell Food Executives - Rebecca Ryan Presentation
Cornell Food Executives - Rebecca Ryan PresentationRebecca Ryan
 
Migrating To Rails 3, An In-house Developers Perspective
Migrating To Rails 3, An In-house Developers PerspectiveMigrating To Rails 3, An In-house Developers Perspective
Migrating To Rails 3, An In-house Developers PerspectiveMark Johnson
 
Groovy 1.8 update - Guillaume Laforge - GR8Conf Europe 2011
Groovy 1.8 update - Guillaume Laforge - GR8Conf Europe 2011Groovy 1.8 update - Guillaume Laforge - GR8Conf Europe 2011
Groovy 1.8 update - Guillaume Laforge - GR8Conf Europe 2011Guillaume Laforge
 
GR8Conf 2011: Groovy 1.8 update
GR8Conf 2011: Groovy 1.8 updateGR8Conf 2011: Groovy 1.8 update
GR8Conf 2011: Groovy 1.8 updateGR8Conf
 
clipperz @ JSE2011
clipperz @ JSE2011clipperz @ JSE2011
clipperz @ JSE2011gcsolaroli
 
Doctrine In The Real World sflive2011 Paris
Doctrine In The Real World sflive2011 ParisDoctrine In The Real World sflive2011 Paris
Doctrine In The Real World sflive2011 ParisJonathan Wage
 
iPhone Python love affair
iPhone Python love affairiPhone Python love affair
iPhone Python love affairAnna Callahan
 
Create a Professional Blog with WordPress: Chapter 6 Customizing Your Sites w...
Create a Professional Blog with WordPress: Chapter 6 Customizing Your Sites w...Create a Professional Blog with WordPress: Chapter 6 Customizing Your Sites w...
Create a Professional Blog with WordPress: Chapter 6 Customizing Your Sites w...Atit Patumvan
 

Similar to OmniAuth: From the Ground Up (RailsConf 2011) (20)

Src2011 killer clouds
Src2011 killer cloudsSrc2011 killer clouds
Src2011 killer clouds
 
Teaching and Engaging Students
Teaching and Engaging StudentsTeaching and Engaging Students
Teaching and Engaging Students
 
beyond&behind
beyond&behindbeyond&behind
beyond&behind
 
Doctrine in the Real World
Doctrine in the Real WorldDoctrine in the Real World
Doctrine in the Real World
 
Machines Talking To Themselves - Internet Of Things 101
Machines Talking To Themselves - Internet Of Things 101Machines Talking To Themselves - Internet Of Things 101
Machines Talking To Themselves - Internet Of Things 101
 
RailsConf Keynote - History of Ruby
RailsConf Keynote - History of RubyRailsConf Keynote - History of Ruby
RailsConf Keynote - History of Ruby
 
American Fraternal Alliance -- Keynote & Breakout
American Fraternal Alliance -- Keynote & BreakoutAmerican Fraternal Alliance -- Keynote & Breakout
American Fraternal Alliance -- Keynote & Breakout
 
Yal bridge socent-examples
Yal bridge socent-examplesYal bridge socent-examples
Yal bridge socent-examples
 
10 Web Development Concepts a Designer Should Know
10 Web Development Concepts a Designer Should Know10 Web Development Concepts a Designer Should Know
10 Web Development Concepts a Designer Should Know
 
Writing for people
Writing for peopleWriting for people
Writing for people
 
Cornell Food Executives - Rebecca Ryan Presentation
Cornell Food Executives - Rebecca Ryan PresentationCornell Food Executives - Rebecca Ryan Presentation
Cornell Food Executives - Rebecca Ryan Presentation
 
Migrating To Rails 3, An In-house Developers Perspective
Migrating To Rails 3, An In-house Developers PerspectiveMigrating To Rails 3, An In-house Developers Perspective
Migrating To Rails 3, An In-house Developers Perspective
 
Groovy 1.8 update - Guillaume Laforge - GR8Conf Europe 2011
Groovy 1.8 update - Guillaume Laforge - GR8Conf Europe 2011Groovy 1.8 update - Guillaume Laforge - GR8Conf Europe 2011
Groovy 1.8 update - Guillaume Laforge - GR8Conf Europe 2011
 
GR8Conf 2011: Groovy 1.8 update
GR8Conf 2011: Groovy 1.8 updateGR8Conf 2011: Groovy 1.8 update
GR8Conf 2011: Groovy 1.8 update
 
clipperz @ JSE2011
clipperz @ JSE2011clipperz @ JSE2011
clipperz @ JSE2011
 
Webops dashboards
Webops dashboardsWebops dashboards
Webops dashboards
 
Doctrine In The Real World sflive2011 Paris
Doctrine In The Real World sflive2011 ParisDoctrine In The Real World sflive2011 Paris
Doctrine In The Real World sflive2011 Paris
 
iPhone Python love affair
iPhone Python love affairiPhone Python love affair
iPhone Python love affair
 
Create a Professional Blog with WordPress: Chapter 6 Customizing Your Sites w...
Create a Professional Blog with WordPress: Chapter 6 Customizing Your Sites w...Create a Professional Blog with WordPress: Chapter 6 Customizing Your Sites w...
Create a Professional Blog with WordPress: Chapter 6 Customizing Your Sites w...
 
layering theme
layering themelayering theme
layering theme
 

More from Michael Bleigh

OmniAuth: From the Ground Up
OmniAuth: From the Ground UpOmniAuth: From the Ground Up
OmniAuth: From the Ground UpMichael Bleigh
 
The Grapes of Rapid (RubyConf 2010)
The Grapes of Rapid (RubyConf 2010)The Grapes of Rapid (RubyConf 2010)
The Grapes of Rapid (RubyConf 2010)Michael Bleigh
 
Deciphering the Interoperable Web
Deciphering the Interoperable WebDeciphering the Interoperable Web
Deciphering the Interoperable WebMichael Bleigh
 
The Present Future of OAuth
The Present Future of OAuthThe Present Future of OAuth
The Present Future of OAuthMichael Bleigh
 
Persistence Smoothie: Blending SQL and NoSQL (RubyNation Edition)
Persistence  Smoothie: Blending SQL and NoSQL (RubyNation Edition)Persistence  Smoothie: Blending SQL and NoSQL (RubyNation Edition)
Persistence Smoothie: Blending SQL and NoSQL (RubyNation Edition)Michael Bleigh
 
Hacking the Mid-End (Great Lakes Ruby Bash Edition)
Hacking the Mid-End (Great Lakes Ruby Bash Edition)Hacking the Mid-End (Great Lakes Ruby Bash Edition)
Hacking the Mid-End (Great Lakes Ruby Bash Edition)Michael Bleigh
 

More from Michael Bleigh (10)

OmniAuth: From the Ground Up
OmniAuth: From the Ground UpOmniAuth: From the Ground Up
OmniAuth: From the Ground Up
 
The Grapes of Rapid (RubyConf 2010)
The Grapes of Rapid (RubyConf 2010)The Grapes of Rapid (RubyConf 2010)
The Grapes of Rapid (RubyConf 2010)
 
Upgrading to Rails 3
Upgrading to Rails 3Upgrading to Rails 3
Upgrading to Rails 3
 
Deciphering the Interoperable Web
Deciphering the Interoperable WebDeciphering the Interoperable Web
Deciphering the Interoperable Web
 
The Present Future of OAuth
The Present Future of OAuthThe Present Future of OAuth
The Present Future of OAuth
 
Node.js and Ruby
Node.js and RubyNode.js and Ruby
Node.js and Ruby
 
Persistence Smoothie: Blending SQL and NoSQL (RubyNation Edition)
Persistence  Smoothie: Blending SQL and NoSQL (RubyNation Edition)Persistence  Smoothie: Blending SQL and NoSQL (RubyNation Edition)
Persistence Smoothie: Blending SQL and NoSQL (RubyNation Edition)
 
Persistence Smoothie
Persistence SmoothiePersistence Smoothie
Persistence Smoothie
 
Twitter on Rails
Twitter on RailsTwitter on Rails
Twitter on Rails
 
Hacking the Mid-End (Great Lakes Ruby Bash Edition)
Hacking the Mid-End (Great Lakes Ruby Bash Edition)Hacking the Mid-End (Great Lakes Ruby Bash Edition)
Hacking the Mid-End (Great Lakes Ruby Bash Edition)
 

Recently uploaded

Comparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioComparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioChristian Posta
 
Designing A Time bound resource download URL
Designing A Time bound resource download URLDesigning A Time bound resource download URL
Designing A Time bound resource download URLRuncy Oommen
 
Introduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptxIntroduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptxMatsuo Lab
 
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019IES VE
 
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDEADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDELiveplex
 
20230202 - Introduction to tis-py
20230202 - Introduction to tis-py20230202 - Introduction to tis-py
20230202 - Introduction to tis-pyJamie (Taka) Wang
 
Computer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsComputer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsSeth Reyes
 
Cybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxCybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxGDSC PJATK
 
VoIP Service and Marketing using Odoo and Asterisk PBX
VoIP Service and Marketing using Odoo and Asterisk PBXVoIP Service and Marketing using Odoo and Asterisk PBX
VoIP Service and Marketing using Odoo and Asterisk PBXTarek Kalaji
 
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfJamie (Taka) Wang
 
Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024D Cloud Solutions
 
UiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation DevelopersUiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation DevelopersUiPathCommunity
 
Linked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond OntologiesLinked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond OntologiesDavid Newbury
 
UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7DianaGray10
 
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostKubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostMatt Ray
 
Empowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership BlueprintEmpowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership BlueprintMahmoud Rabie
 
Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.YounusS2
 
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Will Schroeder
 
Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Commit University
 

Recently uploaded (20)

Comparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioComparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and Istio
 
Designing A Time bound resource download URL
Designing A Time bound resource download URLDesigning A Time bound resource download URL
Designing A Time bound resource download URL
 
Introduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptxIntroduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptx
 
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
 
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDEADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
 
20230202 - Introduction to tis-py
20230202 - Introduction to tis-py20230202 - Introduction to tis-py
20230202 - Introduction to tis-py
 
Computer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsComputer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and Hazards
 
Cybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxCybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptx
 
VoIP Service and Marketing using Odoo and Asterisk PBX
VoIP Service and Marketing using Odoo and Asterisk PBXVoIP Service and Marketing using Odoo and Asterisk PBX
VoIP Service and Marketing using Odoo and Asterisk PBX
 
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
 
Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024
 
UiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation DevelopersUiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation Developers
 
Linked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond OntologiesLinked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond Ontologies
 
UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7
 
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostKubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
 
Empowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership BlueprintEmpowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership Blueprint
 
Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.
 
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
 
201610817 - edge part1
201610817 - edge part1201610817 - edge part1
201610817 - edge part1
 
Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)
 

OmniAuth: From the Ground Up (RailsConf 2011)

  • 1. OmniAuth: From the Ground Up Michael Bleigh / RailsConf 2011 Wednesday, May 18, 2011
  • 5. OmniAuth github.com/intridea/omniauth Wednesday, May 18, 2011
  • 7. OmniAuth! github.com/intridea/omniauth Wednesday, May 18, 2011
  • 8. Login with anything Wednesday, May 18, 2011
  • 9. Assume nothing* *plus or minus a few small assumptions Wednesday, May 18, 2011
  • 10. Past. Present. Future. Wednesday, May 18, 2011
  • 11. Past! The why of OmniAuth Wednesday, May 18, 2011
  • 12. Why are there so many #&@$! authentication libraries? Wednesday, May 18, 2011
  • 13. devise authlogic clearance sorcery restful-authentication, and so on... Wednesday, May 18, 2011
  • 15. I only need one User model. Users will sign up and provide a password. Only e-mail can validate users. I only need one authentication method. I’m only going to use Rails in my app. I don’t have variable deploy targets. I don’t want to customize much. Wednesday, May 18, 2011
  • 18. Can we do better? Wednesday, May 18, 2011
  • 19. We need a single, normalized system for authentication. Wednesday, May 18, 2011
  • 20. I Need Auth MAGIC! User Info Wednesday, May 18, 2011
  • 22. It takes a while to make easy things. March 30, 2010 First Commit October 1, 2010 0.1.0 (public release) Wednesday, May 18, 2011
  • 23. October 1, 2010 0.1.0 10 providers, 3 contributors Wednesday, May 18, 2011
  • 24. April 21, 2011 0.2.3 36 providers, 52 contributors Wednesday, May 18, 2011
  • 25. Today master 47 providers, 76 contributors Wednesday, May 18, 2011
  • 27. Present! The now of OmniAuth Wednesday, May 18, 2011
  • 29. Good News! We’re living in the future* *or an unrealeased git branch beta thereof Wednesday, May 18, 2011
  • 30. gem ‘omniauth’, :git => ‘git://github.com/intridea/omniauth.git’, :branch => ‘1.0-beta’ Wednesday, May 18, 2011
  • 32. “...has commit access to just about every repo on GitHub” - Josh Kalderimis Wednesday, May 18, 2011
  • 33. oa-identity Login and Password with OmniAuth Philosophy Wednesday, May 18, 2011
  • 34. Inevitable, but difficult. Wednesday, May 18, 2011
  • 35. Avoiding Assumptions Wednesday, May 18, 2011
  • 36. Do almost nothing. Wednesday, May 18, 2011
  • 37. user model e-mail verify fancy JUST IDENTITY Wednesday, May 18, 2011
  • 38. /auth/identity /auth/identity/callback /auth/identity/register Wednesday, May 18, 2011
  • 39. Identity in action? Socialspring Passport Wednesday, May 18, 2011
  • 40. Requirements • Social and traditional auth • Strict e-mail verification • Multiple e-mails, multiple authentications per user • Flexible enough to work with LDAP etc. for behind-the-firewall installs • Automatic account creation based on confirmed email domains Wednesday, May 18, 2011
  • 41. Let’s see what happens... Wednesday, May 18, 2011
  • 43. OmniAuth as your only auth* *if you like it that way, like I do. Wednesday, May 18, 2011
  • 44. OmniAuth as a Framework Wednesday, May 18, 2011
  • 45. Perception Perception Wednesday, May 18, 2011
  • 46. image via stopdropandrew.com Let’s kill the magic. Wednesday, May 18, 2011
  • 48. The Guts • OmniAuth is just middleware • Each provider is a strategy • Each strategy is a class • Each strategy has phases: • Request Phase • Callback Phase Wednesday, May 18, 2011
  • 49. The User Info Hash {    “provider”  =>  “friendface”,    “uid”  =>  “123456”,    “user_info”  =>  {        “nickname”  =>  “mbleigh”,        “name”  =>  “Michael  Bleigh”,        “email”  =>  “michael@intridea.com”    },    “credentials”  =>  {        “token”  =>  “120942310491asfas-­‐213-­‐0123”    } } Wednesday, May 18, 2011
  • 50. The Bare Minimum {    “provider”  =>  “minimal”,    “uid”  =>  “123456”,    “user_info”  =>  {        “name”  =>  “Michael  Bleigh”    } } Wednesday, May 18, 2011
  • 51. Request Phase /auth/:provider • Requests information of the user • For OAuth, redirects to provider • For OpenID, requests URL • For LDAP, requests user/pass Wednesday, May 18, 2011
  • 52. Callback Phase /auth/:provider/callback • Creates the user info hash • For OAuth, grabs and uses access token to fetch user info • For OpenID, parses the response • For LDAP, retrieves directory info Wednesday, May 18, 2011
  • 53. Enough talk. Let’s BUILD! Wednesday, May 18, 2011
  • 55. Future! The what’s next of OmniAuth Wednesday, May 18, 2011
  • 56. Fostering Contribution Wednesday, May 18, 2011
  • 58. Y U NO HAVE TESTS? Wednesday, May 18, 2011
  • 59. API Calls with remote site interaction and credential requirements. To 40+ different sites. Wednesday, May 18, 2011
  • 60. I had to choose: Test it all, or release it ever. Wednesday, May 18, 2011
  • 61. Testing is priority #1 going forward. Wednesday, May 18, 2011
  • 62. SUP DAWG I HEARD YOU LIKE TESTING GEMS SO I MADE A GEM TO TEST YOUR GEM AND WROTE TESTS FOR IT SO YOU CAN TEST MY GEM FOR TESTING YOUR GEM WHILE YOU TEST YOUR GEM Wednesday, May 18, 2011
  • 64. Documentation (for contributors) Wednesday, May 18, 2011
  • 66. Massaging Pain Points Wednesday, May 18, 2011
  • 67. Rails Integration (via a separate gem) Wednesday, May 18, 2011
  • 68. Documentation (for users) Wednesday, May 18, 2011
  • 69. Moar Strategies (written by not me) Wednesday, May 18, 2011
  • 71. Thanks! Questions? http://spkr8.com/t/7512 @mbleigh @intridea github.com/intridea/omniauth Wednesday, May 18, 2011