LsOmniauth

LsOmniauth is a Rails Engine that provides authentication via Google OAuth.

You can allow all users with a livingsocial.com or hungrymachine.com email address to access protected parts of your app.

You can also whitelist the email addresses that are authorized to access protected resources.

Getting Started

Note: There is a dummy application in spec/dummy where this setup is used.

Mount the engine

First off, we'll need to mount the engine in your config/routes.rb:

Dummy::Application.routes.draw do
  get 'public'  => 'public#index', as: :public_page
  get 'private' => 'private#index', as: :private_page

  mount LsOmniauth::Engine, at: "/auth", as: 'ls_omniauth' # <------ The engine will provide its functionality at /auth in your app
  root to: 'public#index'
end

Protect controllers

Adding the following lines to a controller will deny access to anyone who does not authenticate with a LivingSocial.com or HungryMachine.com address.

class SecureApplicationController < ApplicationController
  include LsOmniauth::OmniauthHelper
  before_filter { |c| c.require_authorization domains: ["livingsocial.com","hungrymachine.com"] }
end

Restrict access to only specific users

Add a config/ls-omniauth.yml file to your app, using a format like this, to define a general_access group. You can have several groups under authorized_users. Also note that the client_id and client_secret settings are required as of version 2.0.0.

client: &client
  client_id: 12345.apps.googleusercontent.com
  client_secret: 12345
development:
  <<: *client
  dev_mode: true
production:
  <<: *client
  authorized_users:
    general_access:
      - user1@example.com # placeholder address
      - user2@example.com # placeholder address
    super_secret_access:
      - user3@example.com # placeholder address

Then, add the following lines to a controller:

class SecureApplicationController < ApplicationController
  include LsOmniauth::OmniauthHelper
  before_filter { |c| c.require_authorization group: "general_access" }
end

Dev Mode

It's recommended that you enable dev mode for test and dev environments by setting the dev_mode key to true in ls-omniauth.yml:

dev_mode: true

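This turns the require_authorization method into a no-op, so no live requests are made while you're developing or testing. Because protected controllers are then open to everyone, set dev_mode only under the development and test sections, never under production.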
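
The domain, group and dev_mode rules described above can be sketched as plain Ruby. This is an added example, not LsOmniauth's own code: the helper names, the decision order and the sample addresses are assumptions, and the email is assumed to be the one returned by Google after sign-in.

```ruby
require "yaml"

# Constructed sample in the ls-omniauth.yml layout; every value is a placeholder.
SAMPLE_CONFIG = <<~YAML
  client: &client
    client_id: placeholder.apps.googleusercontent.com
    client_secret: placeholder-secret
  development:
    <<: *client
    dev_mode: true
  production:
    <<: *client
    authorized_users:
      general_access:
        - alice@example.com
      super_secret_access:
        - bob@example.com
YAML

# Hypothetical helper: settings for one environment (anchors need aliases: true).
def load_settings(yaml, env)
  YAML.safe_load(yaml, aliases: true).fetch(env)
end

# Exact, case-insensitive match on the text after the last "@"; look-alike domains fail.
def domain_allowed?(email, domains)
  local, at, domain = email.to_s.strip.downcase.rpartition("@")
  return false if at.empty? || local.empty? || domain.empty?
  domains.map(&:downcase).include?(domain)
end

# Group membership is a whole-address comparison against the configured list.
def group_allowed?(email, settings, group)
  members = settings.fetch("authorized_users", {}).fetch(group, [])
  members.map { |m| m.to_s.downcase }.include?(email.to_s.strip.downcase)
end

# Assumed decision order: dev_mode skips the check; no rule means deny.
def authorized?(email, settings, domains: nil, group: nil)
  return true if settings["dev_mode"] == true
  return domain_allowed?(email, domains) if domains
  return group_allowed?(email, settings, group) if group
  false
end

# Deployment check: dev_mode under production would open every protected route.
def production_dev_mode?(yaml)
  load_settings(yaml, "production")["dev_mode"] == true
end
```

Running production_dev_mode? against the real config file in a deploy step or spec catches a dev_mode flag that has leaked into the production section.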

Routes

LsOmniauth adds a sign_in and sign_out route for you. They will work at /auth/sign_in and /auth/sign_out (if you mount the engine at /auth in your routes).

These routes won't pollute your app's routes. You can access them in views or controllers almost like normal:

redirect_to ls_omniauth.sign_out_url # <---- notice the ls_omniauth prepended to the url helper

Redirect URL authorization

In order to use this gem, you'll need an active Google OAuth client ID and client secret. Additionally, you'll need to add your application's redirect URL to the list of OAuth authorized routes for that OAuth API client. You can find and edit those lists here:

TODO:

Are we recreating the wheel here? Can this all be done with already-existing gems? Devise?

Is the return_uri code working? If not, can it be made to work?

License

This project rocks and uses MIT-LICENSE.