How to use and configure omniauth with yahoo, google, facebook strategies in various environments?


Question

I'm working on a Rails 3.2 application that will allow users to authenticate with multiple providers ... Yahoo, Google, Facebook and/or Twitter. We are using omniauth, and while I understand the basic workflow, I cannot find an inclusive document that states how each of these specific providers should be configured nor how a Rails application should be set up so that I can properly test/use these strategies in development, test and production environments.

So my questions:


  1. For each of these providers (yahoo, google, twitter, facebook), what steps are necessary to configure each one individually for omniauth so that they can be used in development, test and production environments?

  2. What is the best/recommended way to configure the Rails application to properly use each of these providers for whatever environment I'm running in?

Thanks - WG

Recommended answer

As for your first question:

You need to create apps for Facebook, Google and Twitter to allow the use of their OAuth protocol. As for Yahoo, I don't know. Is Yahoo still relevant? Just kidding. For a list of all the available Omniauth provider strategies, go here.

So, Facebook:

https://developers.facebook.com/apps
Create app. You'll be given an API Key and an API Secret.
Settings > Basic > Website > Site URL:
  your_website_callback_url for production

Twitter:

https://apps.twitter.com/
Create app. You'll be given an API Key and an API Secret.
Settings > Callback URL:
  your_website_callback_url for production

Google:

https://console.developers.google.com
Create app. You'll be given an API Key and an API Secret.
Services > Select necessary services and scopes
APIs & auth > Credentials > Create New Client ID:
  http://localhost:3000/ for development/testing
  your_website_callback_url for production

Then, your Gemfile:

gem 'omniauth-facebook'
gem 'omniauth-twitter'
gem 'omniauth-google-oauth2'

Create a file to set up your strategies. The convention is naming it omniauth.rb. There are a bunch of different options available to each provider; you'll have to investigate what those are:

# config/initializers/omniauth.rb
Rails.application.config.middleware.use OmniAuth::Builder do
  provider :facebook, 'FACEBOOK_KEY', 'FACEBOOK_SECRET', {
    secure_image_url: 'true',
    image_size: 'square'
  }

  provider :twitter, 'TWITTER_KEY', 'TWITTER_SECRET', {
    secure_image_url: 'true',
    image_size: 'normal'
  }

  provider :google_oauth2, 'GOOGLE_KEY', 'GOOGLE_SECRET', {
    image_size: 50,
    image_aspect_ratio: 'square'
  }
end

And then follow this railscast and this wiki. You should be using environment variables like ENV['FACEBOOK_KEY'] and setting them in the console so that you can change them during runtime and so that they don't get pushed in a certain file into your repository (especially if you have a public one). Here's a solution to this problem.

Finally, you should search for each provider's gem wiki for extra info. For instance, facebook's omniauth gem readme provides an example of an authentication hash returned by Facebook when a user authenticates through Facebook. You can then use this information to customize your user model (update his full name or his image, according to what you want to do). It also mentions how you can ask for extra permissions to access user data that is not publicly available.

EDIT: To answer your question:

Like I said, I really like Railscasts and I followed 2 episodes where Devise and OmniAuth were integrated. In those episodes, the omniauth-openid gem is used to authenticate with Google. The downside of it is that since you don't register an app, you can't customize the authentication prompt. With Facebook and Twitter you're able to choose a name, type a description and upload the logo of your application. You can also set links to the "Privacy" and "Terms of Use" pages on your website. All these little details will appear to the user when he tries logging in with those services and, as you can imagine, they affect your user conversion rates.

With omniauth-openid you can't customize the prompt and the information you get is limited (only the email and the name associated with the account). If that's all you need, then you're all set. If, however, you want to get the user's image, maybe access other private info only available from the user's Google+ profile, then it's probably better to just go with omniauth-google2.

The good thing about OmniAuth is that once you get the basic foundation working, adding other providers is as easy as registering an app, getting an API key and secret and including a certain gem. I'd suggest starting first with Facebook since it's the most popular service and as such is the one with the most documentation (or at least the one with more questions here on SO). From there, build on your application and add other authentication methods.
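
Added example (not part of the original answer): one way to follow the advice above about keeping keys in ENV, so that development and test can run with only some providers configured while production refuses to boot when a key or secret is missing. The helper names and the `*_SECRET` variable names are assumptions that extend the answer's `ENV['FACEBOOK_KEY']` convention.

```ruby
# Hypothetical helper for config/initializers/omniauth.rb.
# Provider options match the initializer above (booleans instead of 'true').
PROVIDERS = {
  facebook:      { prefix: 'FACEBOOK', options: { secure_image_url: true, image_size: 'square' } },
  twitter:       { prefix: 'TWITTER',  options: { secure_image_url: true, image_size: 'normal' } },
  google_oauth2: { prefix: 'GOOGLE',   options: { image_size: 50, image_aspect_ratio: 'square' } }
}.freeze

class MissingOAuthCredentials < StandardError; end

# env_vars:  anything that answers [] with String keys (ENV or a Hash).
# rails_env: current environment name, e.g. Rails.env.
# Returns [[name, key, secret, options], ...] for every configured provider.
def provider_settings(env_vars, rails_env)
  missing = []
  settings = PROVIDERS.each_with_object([]) do |(name, cfg), out|
    key    = env_vars["#{cfg[:prefix]}_KEY"].to_s.strip
    secret = env_vars["#{cfg[:prefix]}_SECRET"].to_s.strip
    if key.empty? || secret.empty?
      missing << name # blank or unset counts as missing
      next
    end
    out << [name, key, secret, cfg[:options]]
  end

  # Outside production a provider without credentials is simply skipped;
  # in production a silent skip would hide a broken deploy, so fail fast.
  # The message names providers only and never echoes key material.
  if rails_env == 'production' && missing.any?
    raise MissingOAuthCredentials, "no credentials for: #{missing.join(', ')}"
  end
  settings
end

# Usage inside the initializer (needs Rails and the omniauth gems):
#   Rails.application.config.middleware.use OmniAuth::Builder do
#     provider_settings(ENV, Rails.env).each do |name, key, secret, opts|
#       provider name, key, secret, opts
#     end
#   end
```
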
