exvo-auth 0.12.1 → 0.12.2

@@ -0,0 +1,108 @@
1
+ #OAuth2
2
+
3
+ - Get familiar with OmniAuth by Intridea: http://github.com/intridea/omniauth. Read about OAuth2.
4
+ - Obtain client_id and client_secret for your app from Exvo.
5
+ - Install exvo-auth gem or add it to your Gemfile.
6
+
7
+
8
+ ##Configure middleware.
9
+
10
+ In Rails, the relevant lines could look like this:
11
+
12
+ ExvoAuth::Config.client_id = "foo"
13
+ ExvoAuth::Config.client_secret = "bar"
14
+ ExvoAuth::Config.debug = true # dumps all HTTP traffic to STDERR, useful during development.
15
+ config.middleware.use ExvoAuth::Middleware
16
+
17
+
18
+ ##Add routes.
19
+
20
+ The following comes from Rails config/routes.rb file:
21
+
22
+ match "/auth/failure" => "sessions#failure"
23
+ match "/auth/interactive/callback" => "sessions#create"
24
+ match "/auth/non_interactive/callback" => "sessions#create" # only if you use json-based login
25
+ match "/sign_out" => "sessions#destroy"
26
+
27
+ Failure url is called whenever there's a failure (d'oh).
28
+ You can have separate callbacks for interactive and non-interactive
29
+ callback routes but you can also route both callbacks to the same controller method
30
+ like shown above.
31
+
32
+ ##Include controller helpers into your application controller.
33
+
34
+ include ExvoAuth::Controllers::Rails (or Merb)
35
+
36
+ ##Implement a sessions controller.
37
+
38
+ Sample implementation (Rails):
39
+
40
+ class SessionsController < ApplicationController
41
+ def create
42
+ sign_in_and_redirect!
43
+ end
44
+
45
+ def destroy
46
+ sign_out_and_redirect!
47
+ end
48
+
49
+ def failure
50
+ render :text => "Sorry!"
51
+ end
52
+ end
53
+
54
+ ##Implement #find_or_create_user_by_uid(uid) in your Application Controller.
55
+
56
+ This method will be called by #current_user. Previously we did this in sessions_controller but since the sharing sessions changes this controller
57
+ will not be used in most cases because the session comes from another app through a shared cookie. This method should find user by uid or create it.
58
+ Additional info (emails, etc) can be obtained using auth api (/users/uid.json path).
59
+
60
+ In short: you get params[:auth]. Do what you want to do with it: store the data, create session, etc.
61
+
62
+
63
+ ##Sign up and sign in paths for use in links.
64
+
65
+ sign in path: "/auth/interactive"
66
+ sign up path: "/auth/interactive?x_sign_up=true" # this is OAuth2 custom param
67
+ sign in path with a return address: "/auth/interactive?state=url" # using OAuth2 state param
68
+
69
+ You have a handy methods available in controllers (and views in Rails): sign_in_path and sign_up_path.
70
+
71
+ ##Read the source, there are few features not mentioned in this README.
72
+
73
+
74
+ #Inter-Application Communication
75
+
76
+ You need to have "App Authorization" created by Exvo first.
77
+ Contact us and provide following details:
78
+
79
+ - consumer_id - Id of an app that will be a consumer (this is you)
80
+ - provider_id - Id of the provider app
81
+ - scope - The tag associated with the api you want to use in the provider app
82
+
83
+ ##Consumer side
84
+
85
+ consumer = ExvoAuth::Autonomous::Consumer.new(
86
+ :app_id => "this is client_id of the app you want to connect to"
87
+ )
88
+ consumer.get(*args) - interface is exactly the same like in HTTParty. All http methods are available (post, put, delete, head, options).
89
+
90
+ ##Provider side
91
+
92
+ See #authenticate_app_in_scope!(scope) method in ExvoAuth::Controllers::Rails (or Merb). This method lets you create a before filter.
93
+ Scopes are used by providing app to check if a given consuming app should have access to a given resource inside a scope.
94
+ If scopes are empty, then provider app should not present any resources to consumer.
95
+
96
+ ##Example of the before filter for provider controller:
97
+
98
+ before_filter {|c| c.authenticate_app_in_scope!("payments") }
99
+
100
+ In provider controller which is just a fancy name for API controller you can use #current_app_id method to get the app_id of the app connecting.
101
+
102
+
103
+ #Dejavu - replay non-GET requests after authentication redirects
104
+
105
+ ##Limitations:
106
+
107
+ - doesn't work with file uploads
108
+ - all request params become query params when replayed
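Review bot: The middleware sample sets `ExvoAuth::Config.debug = true` directly under `client_secret`, and its comment says it dumps all HTTP traffic to STDERR; the README should state that this must be off outside development, because whatever credentials and tokens travel in those requests end up in the process logs. In the sign-in paths section, `"/auth/interactive?state=url"` is documented as a return address with no word on validation; add a sentence that the application must check the returned URL against its own hosts or paths before redirecting to it. Under the Dejavu limitations, "all request params become query params when replayed" should also mention the consequence that fields originally sent in a request body will appear in URLs, and so in server logs and browser history.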
@@ -1,6 +1,6 @@
1
1
  module ExvoAuth::Controllers::Base
2
2
  # A before filter to protect your sensitive actions.
3
- def authenticate_user!
3
+ def authenticate_user!(opts = {})
4
4
  if !signed_in?
5
5
  store_request!
6
6
 
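Review bot: The new `opts = {}` argument on `authenticate_user!` is undocumented; the comment above the method still says only "A before filter to protect your sensitive actions." Suggest extending that comment to name the accepted key (`:redirect_to`, as used further down in this file) and adding a README example of passing it from a filter block, in the same style as the existing `before_filter {|c| c.authenticate_app_in_scope!("payments") }` line, since a symbol-style filter cannot pass arguments.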
@@ -10,7 +10,7 @@ module ExvoAuth::Controllers::Base
10
10
  if callback_value
11
11
  redirect_to non_interactive_sign_in_path(callback_key => callback_value)
12
12
  else
13
- redirect_to sign_up_path # for the first few weekes. after that, change back to: sign_in_path
13
+ redirect_to opts[:redirect_to] || sign_in_path
14
14
  end
15
15
  end
16
16
  end
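Review bot: On the changed line, `opts[:redirect_to]` goes straight into `redirect_to` with no check, so any caller that fills it from request data turns this filter into an open redirect for unauthenticated visitors. Suggest documenting that the value must be an application-defined path, or rejecting values that are not local paths before redirecting. Separately, the fallback moves from `sign_up_path` to `sign_in_path`; the removed comment shows that was planned, but it changes behaviour for every existing caller that passes no options and deserves a changelog entry for a patch-level release.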
@@ -1,3 +1,3 @@
1
1
  module ExvoAuth
2
- VERSION = "0.12.1"
2
+ VERSION = "0.12.2"
3
3
  end
metadata CHANGED
@@ -1,13 +1,13 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: exvo-auth
3
3
  version: !ruby/object:Gem::Version
4
- hash: 45
4
+ hash: 43
5
5
  prerelease: false
6
6
  segments:
7
7
  - 0
8
8
  - 12
9
- - 1
10
- version: 0.12.1
9
+ - 2
10
+ version: 0.12.2
11
11
  platform: ruby
12
12
  authors:
13
13
  - Jacek Becela
@@ -15,7 +15,7 @@ autorequire:
15
15
  bindir: bin
16
16
  cert_chain: []
17
17
 
18
- date: 2011-02-14 00:00:00 +01:00
18
+ date: 2011-09-19 00:00:00 +02:00
19
19
  default_executable:
20
20
  dependencies:
21
21
  - !ruby/object:Gem::Dependency
@@ -142,7 +142,7 @@ extra_rdoc_files: []
142
142
  files:
143
143
  - .gitignore
144
144
  - Gemfile
145
- - README
145
+ - README.markdown
146
146
  - Rakefile
147
147
  - exvo-auth.gemspec
148
148
  - lib/exvo-auth.rb
data/README DELETED
@@ -1,119 +0,0 @@
1
- OAuth2
2
- ======
3
-
4
- -1. Get familiar with OmniAuth by Intridea: http://github.com/intridea/omniauth. Read about OAuth2.
5
-
6
-
7
- 0. Obtain client_id and client_secret for your app from Exvo.
8
-
9
-
10
- 1. Install exvo-auth gem or add it to your Gemfile.
11
-
12
-
13
- 2. Configure middleware.
14
-
15
- In Rails, the relevant lines could look like this:
16
-
17
- ExvoAuth::Config.client_id = "foo"
18
- ExvoAuth::Config.client_secret = "bar"
19
- ExvoAuth::Config.debug = true # dumps all HTTP traffic to STDERR, useful during development.
20
- config.middleware.use ExvoAuth::Middleware
21
-
22
-
23
- 3. Add routes.
24
-
25
- The following comes from Rails config/routes.rb file:
26
-
27
- match "/auth/failure" => "sessions#failure"
28
- match "/auth/interactive/callback" => "sessions#create"
29
- match "/auth/non_interactive/callback" => "sessions#create" # only if you use json-based login
30
- match "/sign_out" => "sessions#destroy"
31
-
32
- Failure url is called whenever there's a failure (d'oh).
33
- You can have separate callbacks for interactive and non-interactive
34
- callback routes but you can also route both callbacks to the same controller method
35
- like shown above.
36
-
37
- 4. Include controller helpers into your application controller.
38
-
39
- include ExvoAuth::Controllers::Rails (or Merb)
40
-
41
- 5. Implement a sessions controller.
42
-
43
- Sample implementation (Rails):
44
-
45
- class SessionsController < ApplicationController
46
- def create
47
- sign_in_and_redirect!
48
- end
49
-
50
- def destroy
51
- sign_out_and_redirect!
52
- end
53
-
54
- def failure
55
- render :text => "Sorry!"
56
- end
57
- end
58
-
59
-
60
- 6. Implement #find_or_create_user_by_uid(uid) in your Application Controller.
61
-
62
- This method will be called by #current_user. Previously we did this in sessions_controller but since the sharing sessions changes this controller
63
- will not be used in most cases because the session comes from another app through a shared cookie. This method should find user by uid or create it.
64
- Additional info (emails, etc) can be obtained using auth api (/users/uid.json path).
65
-
66
-
67
- In short: you get params[:auth]. Do what you want to do with it: store the data, create session, etc.
68
-
69
-
70
- 7. Sign up and sign in paths for use in links.
71
-
72
- sign in path: "/auth/interactive"
73
- sign up path: "/auth/interactive?x_sign_up=true" # this is OAuth2 custom param
74
- sign in path with a return address: "/auth/interactive?state=url" # using OAuth2 state param
75
-
76
- You have a handy methods available in controllers (and views in Rails): sign_in_path and sign_up_path.
77
-
78
-
79
- 8. Read the source, there are few features not mentioned in this README.
80
-
81
-
82
- Inter-Application Communication
83
- ===============================
84
-
85
- You need to have "App Authorization" created by Exvo first.
86
- Contact us and provide following details:
87
-
88
- * consumer_id - Id of an app that will be a consumer (this is you)
89
- * provider_id - Id of the provider app
90
- * scope - The tag associated with the api you want to use in the provider app
91
-
92
- # Consumer side
93
-
94
- consumer = ExvoAuth::Autonomous::Consumer.new(
95
- :app_id => "this is client_id of the app you want to connect to"
96
- )
97
- consumer.get(*args) - interface is exactly the same like in HTTParty. All http methods are available (post, put, delete, head, options).
98
-
99
-
100
- # Provider side
101
-
102
- See #authenticate_app_in_scope!(scope) method in ExvoAuth::Controllers::Rails (or Merb). This method lets you create a before filter.
103
- Scopes are used by providing app to check if a given consuming app should have access to a given resource inside a scope.
104
- If scopes are empty, then provider app should not present any resources to consumer.
105
-
106
- # Example of the before filter for provider controller:
107
-
108
- before_filter {|c| c.authenticate_app_in_scope!("payments") }
109
-
110
- In provider controller which is just a fancy name for API controller you can use #current_app_id method to get the app_id of the app connecting.
111
-
112
-
113
- Dejavu - replay non-GET requests after authentication redirects
114
- ===============================================================
115
-
116
- Limitations:
117
-
118
- * doesn't work with file uploads
119
- * all request params become query params when replayed