omniauth-google-oauth2 0.4.1 → 0.5.0
- checksums.yaml +4 -4
- data/.rubocop.yml +20 -0
- data/.travis.yml +4 -12
- data/CHANGELOG.md +17 -0
- data/Gemfile +2 -4
- data/README.md +85 -83
- data/Rakefile +3 -2
- data/examples/Gemfile +4 -2
- data/examples/config.ru +82 -7
- data/examples/omni_auth.rb +8 -20
- data/lib/omniauth-google-oauth2.rb +3 -1
- data/lib/omniauth/google_oauth2.rb +3 -1
- data/lib/omniauth/google_oauth2/version.rb +3 -1
- data/lib/omniauth/strategies/google_oauth2.rb +64 -52
- data/omniauth-google-oauth2.gemspec +17 -11
- data/spec/omniauth/strategies/google_oauth2_spec.rb +206 -120
- data/spec/rubocop_spec.rb +9 -0
- data/spec/spec_helper.rb +3 -1
- metadata +31 -15
- data/examples/auth.js +0 -43
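--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 65ffc15faaed3d23a1c4a7ca2d5fa07f8ffda0f5
+data.tar.gz: 6c70bafaec2478b78b8293bca662a898d4d4e019
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 55b5b27e600710e73ddd27d4ec9886faed3d76a2909f05090e46da59bde030d5e2cc567ac3a92d213fc9737a3938be4c1507d7f9631d8cfbd1b1962a87ca56b9
+data.tar.gz: f4091407c27f7fb9d05751a927cd2963f2f9447e7ad8ce9af32f2769bc5759f0a0dc488a273ea79b32bd56e44fd5a9f2e4ffc177e96fac096a9bc93400368b71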
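--- a/data/.rubocop.yml
+++ b/data/.rubocop.yml
@@ -0,0 +1,20 @@
+ClassLength:
+Enabled: false
+Layout/IndentHeredoc:
+Enabled: false
+Metrics/AbcSize:
+Enabled: false
+Metrics/BlockLength:
+ExcludedMethods: ['describe', 'context']
+Metrics/CyclomaticComplexity:
+Enabled: false
+Metrics/LineLength:
+Enabled: false
+Metrics/MethodLength:
+Enabled: false
+Metrics/PerceivedComplexity:
+Enabled: false
+Style/FileName:
+Enabled: false
+Style/MutableConstant:
+Enabled: false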
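--- a/data/.travis.yml
+++ b/data/.travis.yml
@@ -1,14 +1,6 @@
-before_install:
-- gem update --system 2.1.11
 language: ruby
 rvm:
--
--
--
--
-- "rbx"
-- "jruby"
-matrix:
-allow_failures:
-- rvm: "rbx"
-- rvm: "jruby"
+- '2.1.10'
+- '2.2.7'
+- '2.3.4'
+- '2.4.1'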
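--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,6 +1,23 @@
 # Changelog
 All notable changes to this project will be documented in this file.
 
+## 0.5.0 - 2017-05-29
+
+### Added
+- Rubocop checks to specs.
+- Defaulted dev environment to ruby 2.3.4.
+
+### Deprecated
+- Nothing.
+
+### Removed
+- Testing support for older versions of ruby not supported by OmniAuth 1.5.
+- Key `[:urls]['Google']` no longer exists, it has been renamed to `[:urls][:google]`.
+
+### Fixed
+- Updated all code to rubocop conventions. This includes the Ruby 1.9 hash syntax when appropriate.
+- Example javascript flow now picks up ENV vars for google key and secret.
+
 ## 0.4.1 - 2016-03-14
 
 ### Added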
data/Gemfile
CHANGED
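--- a/data/README.md
+++ b/data/README.md
@@ -1,5 +1,5 @@
 [![Gem Version](https://badge.fury.io/rb/omniauth-google-oauth2.svg)](https://badge.fury.io/rb/omniauth-google-oauth2)
-[![Build Status](https://travis-ci.org/zquestz/omniauth-google-oauth2.
+[![Build Status](https://travis-ci.org/zquestz/omniauth-google-oauth2.svg)](https://travis-ci.org/zquestz/omniauth-google-oauth2)
 
 # OmniAuth Google OAuth2 Strategy
 
@@ -7,7 +7,7 @@ Strategy to authenticate with Google via OAuth2 in OmniAuth.
 
 Get your API key at: https://code.google.com/apis/console/ Note the Client ID and the Client Secret.
 
-**Note**: You must enable the "Contacts API" and "Google+ API" via the Google API console. Otherwise, you will receive an `OAuth2::Error` stating that access is not configured when you attempt to authenticate.
+**Note**: You must enable the "Contacts API" and "Google+ API" via the Google API console. Otherwise, you will receive an `OAuth2::Error`(`Error: "Invalid credentials"`) stating that access is not configured when you attempt to authenticate.
 
 For more details, read the Google docs: https://developers.google.com/accounts/docs/OAuth2
 
@@ -16,7 +16,7 @@ For more details, read the Google docs: https://developers.google.com/accounts/d
 Add to your `Gemfile`:
 
 ```ruby
-gem
+gem 'omniauth-google-oauth2'
 ```
 
 Then `bundle install`.
@@ -36,7 +36,7 @@ Here's an example for adding the middleware to a Rails app in `config/initialize
 
 ```ruby
 Rails.application.config.middleware.use OmniAuth::Builder do
-provider :google_oauth2, ENV[
+provider :google_oauth2, ENV['GOOGLE_CLIENT_ID'], ENV['GOOGLE_CLIENT_SECRET']
 end
 ```
 
@@ -44,15 +44,18 @@ You can now access the OmniAuth Google OAuth2 URL: `/auth/google_oauth2`
 
 For more examples please check out `examples/omni_auth.rb`
 
-NOTE: While developing your application, if you change the scope in the initializer you will need to restart your app server. Remember that 'email'
+NOTE: While developing your application, if you change the scope in the initializer you will need to restart your app server. Remember that either the 'email' or 'profile' scope is required!
 
 ## Configuration
 
 You can configure several options, which you pass in to the `provider` method via a hash:
 
 * `scope`: A comma-separated list of permissions you want to request from the user. See the [Google OAuth 2.0 Playground](https://developers.google.com/oauthplayground/) for a full list of available permissions. Caveats:
-* The `email` and `profile` scopes are used by default. By defining your own `scope`, you override these defaults
+* The `email` and `profile` scopes are used by default. By defining your own `scope`, you override these defaults, but Google requires at least one of `email` or `profile`, so make sure to add at least one of them to your scope!
 * Scopes starting with `https://www.googleapis.com/auth/` do not need that prefix specified. So while you can use the smaller scope `books` since that permission starts with the mentioned prefix, you should use the full scope URL `https://docs.google.com/feeds/` to access a user's docs, for example.
+
+* `redirect_uri`: Override the redirect_uri used by the gem.
+
 * `prompt`: A space-delimited list of string values that determines whether the user is re-prompted for authentication and/or consent. Possible values are:
 * `none`: No authentication or consent pages will be displayed; it will return an error if the user is not already authenticated and has not pre-configured consent for the requested scopes. This can be used as a method to check for existing authentication and/or consent.
 * `consent`: The user will always be prompted for consent, even if he has previously allowed access a given set of scopes.
@@ -80,7 +83,7 @@ You can configure several options, which you pass in to the `provider` method vi
 
 * `login_hint`: When your app knows which user it is trying to authenticate, it can provide this parameter as a hint to the authentication server. Passing this hint suppresses the account chooser and either pre-fill the email box on the sign-in form, or select the proper session (if the user is using multiple sign-in), which can help you avoid problems that occur if your app logs in the wrong user account. The value can be either an email address or the sub string, which is equivalent to the user's Google+ ID.
 
-* `include_granted_scopes`: If this is provided with the value true, and the authorization request is granted, the authorization will include any previous authorizations granted to this user/application combination for other scopes. See Google's [Incremental
+* `include_granted_scopes`: If this is provided with the value true, and the authorization request is granted, the authorization will include any previous authorizations granted to this user/application combination for other scopes. See Google's [Incremental Authorization](https://developers.google.com/accounts/docs/OAuth2WebServer#incrementalAuth) for additional details.
 
 * `openid_realm`: Set the OpenID realm value, to allow upgrading from OpenID based authentication to OAuth 2 based authentication. When this is set correctly an `openid_id` value will be set in `[:extra][:id_info]` in the authentication hash with the value of the user's OpenID ID URL.
 
@@ -88,66 +91,69 @@ Here's an example of a possible configuration where the strategy name is changed
 
 ```ruby
 Rails.application.config.middleware.use OmniAuth::Builder do
-provider :google_oauth2, ENV[
+provider :google_oauth2, ENV['GOOGLE_CLIENT_ID'], ENV['GOOGLE_CLIENT_SECRET'],
 {
-:
-:
-:
-:
-:
+name: 'google',
+scope: 'email, profile, plus.me, http://gdata.youtube.com',
+prompt: 'select_account',
+image_aspect_ratio: 'square',
+image_size: 50
 }
 end
 ```
 
 ## Auth Hash
 
-Here's an example of an authentication hash available in the callback by accessing `request.env[
+Here's an example of an authentication hash available in the callback by accessing `request.env['omniauth.auth']`:
 
 ```ruby
 {
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+"provider" => "google_oauth2",
+"uid" => "100000000000000000000",
+"info" => {
+"name" => "John Smith",
+"email" => "john@example.com",
+"first_name" => "John",
+"last_name" => "Smith",
+"image" => "https://lh4.googleusercontent.com/photo.jpg",
+"urls" => {
+"google" => "https://plus.google.com/+JohnSmith"
+}
+},
+"credentials" => {
+"token" => "TOKEN",
+"refresh_token" => "REFRESH_TOKEN",
+"expires_at" => 1496120719,
+"expires" => true
+},
+"extra" => {
+"id_token" => "ID_TOKEN",
+"id_info" => {
+"azp" => "APP_ID",
+"aud" => "APP_ID",
+"sub" => "100000000000000000000",
+"email" => "john@example.com",
+"email_verified" => true,
+"at_hash" => "HK6E_P6Dh8Y93mRNtsDB1Q",
+"iss" => "accounts.google.com",
+"iat" => 1496117119,
+"exp" => 1496120719
 },
-
-
-
-
-
-
-
-
-
-
-
-
-
-:hd => "company_name.com"
-},
-:id_info => {
-"iss" => "accounts.google.com",
-"at_hash" => "HK6E_P6Dh8Y93mRNtsDB1Q",
-"email_verified" => "true",
-"sub" => "10769150350006150715113082367",
-"azp" => "APP_ID",
-"email" => "jsmith@example.com",
-"aud" => "APP_ID",
-"iat" => 1353601026,
-"exp" => 1353604926,
-"openid_id" => "https://www.google.com/accounts/o8/id?id=ABCdfdswawerSDFDsfdsfdfjdsf"
-}
+"raw_info" => {
+"kind" => "plus#personOpenIdConnect",
+"gender" => "male",
+"sub" => "100000000000000000000",
+"name" => "John Smith",
+"given_name" => "John",
+"family_name" => "Smith",
+"profile" => "https://plus.google.com/+JohnSmith",
+"picture" => "https://lh4.googleusercontent.com/photo.jpg?sz=50",
+"email" => "john@example.com",
+"email_verified" => "true",
+"locale" => "en",
+"hd" => "company.com"
 }
+}
 }
 ```
 
@@ -155,20 +161,22 @@ Here's an example of an authentication hash available in the callback by accessi
 
 First define your application id and secret in `config/initializers/devise.rb`. Do not use the snippet mentioned in the [Usage](https://github.com/zquestz/omniauth-google-oauth2#usage) section.
 
+Configuration options can be passed as the last parameter here as key/value pairs.
+
 ```ruby
-config.omniauth :google_oauth2,
+config.omniauth :google_oauth2, 'GOOGLE_CLIENT_ID', 'GOOGLE_CLIENT_SECRET', {}
 ```
 
 Then add the following to 'config/routes.rb' so the callback routes are defined.
 
 ```ruby
-devise_for :users, :
+devise_for :users, controllers: { omniauth_callbacks: 'users/omniauth_callbacks' }
 ```
 
 Make sure your model is omniauthable. Generally this is "/app/models/user.rb"
 
 ```ruby
-devise :omniauthable, :
+devise :omniauthable, omniauth_providers: [:google_oauth2]
 ```
 
 Then make sure your callbacks controller is setup.
@@ -177,14 +185,14 @@ Then make sure your callbacks controller is setup.
 class Users::OmniauthCallbacksController < Devise::OmniauthCallbacksController
 def google_oauth2
 # You need to implement the method below in your model (e.g. app/models/user.rb)
-@user = User.from_omniauth(request.env[
+@user = User.from_omniauth(request.env['omniauth.auth'])
 
 if @user.persisted?
-flash[:notice] = I18n.t
-sign_in_and_redirect @user, :
+flash[:notice] = I18n.t 'devise.omniauth_callbacks.success', kind: 'Google'
+sign_in_and_redirect @user, event: :authentication
 else
-session[
-redirect_to new_user_registration_url
+session['devise.google_data'] = request.env['omniauth.auth'].except(:extra) #Removing extra as it can overflow some session stores
+redirect_to new_user_registration_url, alert: @user.errors.full_messages.join("\n")
 end
 end
 end
@@ -195,12 +203,12 @@ and bind to or create the user
 ```ruby
 def self.from_omniauth(access_token)
 data = access_token.info
-user = User.where(:
+user = User.where(email: data['email']).first
 
 # Uncomment the section below if you want users to be created if they don't exist
 # unless user
-# user = User.create(name: data[
-# email: data[
+# user = User.create(name: data['name'],
+# email: data['email'],
 # password: Devise.friendly_token[0,20]
 # )
 # end
@@ -210,7 +218,10 @@ end
 
 For your views you can login using:
 
-```
+```erb
+<%= link_to "Sign in with Google", user_google_oauth2_omniauth_authorize_path %>
+
+<%# Devise prior 4.1.0: %>
 <%= link_to "Sign in with Google", user_omniauth_authorize_path(:google_oauth2) %>
 ```
 
@@ -261,8 +272,7 @@ window.gpAsyncInit = function() {
 }, function(response) {
 if (response && !response.error) {
 // google authentication succeed, now post data to server.
-jQuery.ajax({type: 'POST', url:
-data: response,
+jQuery.ajax({type: 'POST', url: '/auth/google_oauth2/callback', data: response,
 success: function(data) {
 // response from server
 }
@@ -276,23 +286,15 @@ data: response,
 
 ```
 
-
-
-If you'd like to use omniauth state param, you can implement it by yourself using rails csrf token. For example:
+#### Note about mobile clients (iOS, Android)
 
-
-class ApplicationController < ActionController::Base
-before_action :initialize_omniauth_state
+The documentation at https://developers.google.com/identity/sign-in/ios/offline-access specifies the _REDIRECT_URI_ to be either a set value or an EMPTY string for mobile logins to work. Else, you will run into _redirect_uri_mismatch_ errors.
 
-
+In that case, ensure to send an additional parameter `redirect_uri=` (empty string) to the `/auth/google_oauth2/callback` URL from your mobile device.
 
-
-session['omniauth.state'] = response.headers['X-CSRF-Token'] = form_authenticity_token
-end
-...
-```
+#### Note about CORS
 
-
+If you're making POST requests to `/auth/google_oauth2/callback` from another domain, then you need to make sure `'X-Requested-With': 'XMLHttpRequest'` header is included with your request, otherwise your server might respond with `OAuth2::Error, : Invalid Value` error.
 
 ## Fixing Protocol Mismatch for `redirect_uri` in Rails
 
@@ -305,7 +307,7 @@ OmniAuth.config.full_host = Rails.env.production? ? 'https://domain.com' : 'http
 
 ## License
 
-Copyright (c)
+Copyright (c) 2017 by Josh Ellithorpe
 
 Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
 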
data/Rakefile
CHANGED
data/examples/Gemfile
CHANGED
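--- a/data/examples/config.ru
+++ b/data/examples/config.ru
@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 # Sample app for Google OAuth2 Strategy
 # Make sure to setup the ENV variables GOOGLE_KEY and GOOGLE_SECRET
 # Run with "bundle exec rackup"
@@ -15,31 +17,104 @@ require 'omniauth-google-oauth2'
 # http://railsapps.github.io/openssl-certificate-verify-failed.html
 OpenSSL::SSL::VERIFY_PEER = OpenSSL::SSL::VERIFY_NONE
 
+# Main example app for omniauth-google-oauth2
 class App < Sinatra::Base
 get '/' do
 <<-HTML
-
-
-
+<!DOCTYPE html>
+<html>
+<head>
+<title>Google OAuth2 Example</title>
+<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js"></script>
+<script>
+jQuery(function() {
+return $.ajax({
+url: 'https://apis.google.com/js/client:plus.js?onload=gpAsyncInit',
+dataType: 'script',
+cache: true
+});
+});
+
+window.gpAsyncInit = function() {
+gapi.auth.authorize({
+immediate: true,
+response_type: 'code',
+cookie_policy: 'single_host_origin',
+client_id: '#{ENV['GOOGLE_KEY']}',
+scope: 'email profile'
+}, function(response) {
+return;
+});
+$('.googleplus-login').click(function(e) {
+e.preventDefault();
+gapi.auth.authorize({
+immediate: false,
+response_type: 'code',
+cookie_policy: 'single_host_origin',
+client_id: '#{ENV['GOOGLE_KEY']}',
+scope: 'email profile'
+}, function(response) {
+if (response && !response.error) {
+// google authentication succeed, now post data to server.
+jQuery.ajax({type: 'POST', url: "/auth/google_oauth2/callback", data: response,
+success: function(data) {
+// Log the data returning from google.
+console.log(data)
+}
+});
+} else {
+// google authentication failed.
+console.log("FAILED")
+}
+});
+});
+};
+</script>
+</head>
+<body>
+<ul>
+<li><a href='/auth/google_oauth2'>Sign in with Google</a></li>
+<li><a href='#' class="googleplus-login">Sign in with Google via AJAX</a></li>
+</ul>
+</body>
+</html>
 HTML
 end
 
+post '/auth/:provider/callback' do
+content_type 'text/plain'
+begin
+request.env['omniauth.auth'].to_hash.inspect
+rescue
+'No Data'
+end
+end
+
 get '/auth/:provider/callback' do
 content_type 'text/plain'
-
+begin
+request.env['omniauth.auth'].to_hash.inspect
+rescue
+'No Data'
+end
 end
 
 get '/auth/failure' do
 content_type 'text/plain'
-
+begin
+request.env['omniauth.auth'].to_hash.inspect
+rescue
+'No Data'
+end
 end
 end
 
-use Rack::Session::Cookie, :
+use Rack::Session::Cookie, secret: ENV['RACK_COOKIE_SECRET']
 
 use OmniAuth::Builder do
 # For additional provider examples please look at 'omni_auth.rb'
-
+# The key provider_ignores_state is only for AJAX flows. It is not recommended for normal logins.
+provider :google_oauth2, ENV['GOOGLE_KEY'], ENV['GOOGLE_SECRET'], access_type: 'offline', prompt: 'consent', provider_ignores_state: true, scope: 'email,profile,calendar'
 end
 
 run App.new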
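Review bot: `provider_ignores_state: true` on the new `provider :google_oauth2` line turns off the OAuth2 `state` comparison for every login this sample handles, including the plain redirect link `/auth/google_oauth2` rendered by the same page, although the comment added above it says the option is only meant for the AJAX flow. That comparison is what ties a callback to the browser session that started the login, so the comment should say what is being given up, for example `# provider_ignores_state skips the OAuth2 state (CSRF) check on the callback; drop it unless you only use the AJAX flow`. `secret: ENV['RACK_COOKIE_SECRET']` evaluates to `nil` when the variable is unset and the header comment still names only GOOGLE_KEY and GOOGLE_SECRET, so `use Rack::Session::Cookie, secret: ENV.fetch('RACK_COOKIE_SECRET')` would make a missing secret fail at boot. The unchanged context line `OpenSSL::SSL::VERIFY_PEER = OpenSSL::SSL::VERIFY_NONE` is not part of this change, but with `access_type: 'offline'` on the provider line it means the refresh token is fetched over a connection whose certificate is not verified, which deserves at least a warning comment.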