/ devise

Devise and integrating Omniauth with Devise

Devise is an authentication solution for Rails. It makes use of Warden which is Rack based authentication framework.

Steps to integrate Devise:

  1. Include devise gem in your gemfile.
 gem "devise"
  1. Run bundle install to install it.

  2. Generally, all the login related details are kept in User model. You are free to use any model name as per your needs. Here User model is used as an example. Generate User model using devise generator command:

 rails generate devise User
  
Above command will generate user model, migration for user and adds devise routes in _routes.rb_.

Now you are all set to use devise for authenticating users.

Devise also creates some helpers which you can use in controllers and views.

  1. If you want that a controller should be only be accessed if the user is authenticated, add given filter to controller.
 before_filter :authenticate_user!
  1. To get the record of logged in user, use helper method:
 current_user

(Note: If your devise model is named different say, Person, then use authenticated_person!, current_person, etc. helper methods)

For more information on Devise and customizing its views and controllers, visit: https://github.com/plataformatec/devise

Integration of Devise with Omniauth:

Devise also allows authenticating users via different social network sites (providers) like Facebook, Twitter, Linkedin, etc. by integrating support for Omniauth and its strategies.

The list of strategies are listed at: https://github.com/intridea/omniauth/wiki/List-of-Strategies

Following are the steps to integrate Omniauth with Facebook.
  1. First include following gems in your gemfile.
 gem 'omniauth'
gem 'oauth2'
gem 'omniauth-facebook'

If your provider is twitter use @gem 'omniauth-twitter'@, for linkedin use @gem 'omniauth-linkedin'@.

  1. Run bundle install to install there gems.

  2. Before moving ahead, make sure you have APP_ID and APP_SECRET tokens generated from Facebook.

Click here to generate these tokens for your app.

  1. Declare the provider in the initializer @config/initializer/omniauth.rb@
 Rails.application.config.middleware.use OmniAuth::Builder do
  provider :facebook, "APP_ID", "APP_SECRET"  
end
  1. Make your devise model(@app/models/user.rb@) omniauthable.
 devise :omniauthable
  1. You can now navigate to Facebook by clicking the link shown below:
 = link_to "Sign in with Facebook", "/auth/facebook"
  1. By clicking above link user will be redirected to facebook. After entering their facebook credentials, they will be redirected back to the our application. We must handle this callback by adding a route in @config/routes.rb@ to tell devise which controller is responsible for handling callbacks. The route to be added is:
 match '/auth/:provider/callback' => 'authentications#create'

Here authentications is the controller in which callback is handled.

  1. While handling callback, you can access user details logged-in via facebook using following request variable and create a user record against them.
 request.env["omniauth.auth"]

General practice while integrating Omniauth:

  1. Have a devise model name User.

  2. Create another model named Authentications with fields provider, uid, token, secret and an association with user model, so we have user_id as another column.

  3. Handle omniauth callback in registrations controller of devise. You need to override devise registrations controller for this.

  4. Check if this user is already present in database by checking authentications table for uid of the user. If present, simple login that user. If no record is found from authentication table, create one with its corresponding entry in User table and signin that user using registrations controller.