Sign In With Twitter using Omniauth and the Twitter gem Discussion
Excellent episode Chris! 2 off-episode questions: why does your version of Chrome have a "People" menu and any chance you'll post this to GitHub?
I think it came in Chrome beta a month or two ago. It's so useful to separate out your Google accounts between windows.
And I've uploaded the repo for this app to GitHub for you. :) It's the last link in the resources list.
Nice episode Chris. A small note that might help people new to adding initializers is that you need to restart your app after you add the omniauth initializer so that localhost:3000/auth/twitter works as expected. Might throw a few people off if they follow your steps along and forget to restart the app.
The Omniauth auth hash actually uses a gem called Hashie to allow method access for keys, not HashWithIndifferentAccess which only allows you to use symbols/strings keys interchangeably.
The main annoyance of Omniauth I find is when using it with Devise. The Devise user model requires an email to work 'out of the box' and Twitter's API does not give you the user's email.
Yeah my mistake there. Hashie is great.
Agreed with Twitter's API. They want to control that information which is unfortunate. In that case, you can generate a fake email if you don't want to ask the user for it, or you can send them to a form to fill out that information. Neither is ideal, but it gets the job done.
Super helpful episode! I was in the middle of connecting my app to Stripe Connect (which also uses OmniAuth) and the steps are pretty much identical. Just wondering if anyone has come up with a good strategy for testing this kind of behaviour?
This looks like a reasonable approach to testing your user creation and lookups but it isn't a full example: http://stackoverflow.com/qu...
How it to realize in database Mongoid? Mistake $oil... "id" mongo "_id" error current_user.name, name no safe in database... help
Chris, I keep trying to take a version of this into the production environment but have had no luck. Keep getting "OAuth::Unauthorized 401 Authorization Required" errors. Any idea why?
I believe that can happen with the callback url on Twitter. You might try http://127.0.0.1:3000/ instead of localhost.
Any thoughts to why my variables declared in secrets.yml file would not be loading correctly when I restart my app? My Rails.applications.secrets.twitter_xxxx isn't pulling correctly to the point where the omniauth.rb initializer crashes rails when I restart the server.
Great episode Chris, I'm currently trying to integrate this gem with devise but not very successful, any chance you could run through this in the near future?
That's the plan. Twitter is a bit frustrating because it doesn't give you an email so you can't create Devise users easily with it. Need to store the OAuth hash in the session so you can ask for an email first. I'll be doing an episode on that soon.
Recently Twitter started to white-list applications to provide developers with more access to user data, such as email. Check out this link https://dev.twitter.com/res... and fill out the application to get white-listed.
Just on the gitignore for secrets.yml. You can't do this after you have already committed secrets.yml. I followed the instructions but had already committed it so gitignore would always see it even if I deleted it etc.
The answer I am now looking for is how to generate a new secrets.yml secret_key_base
from the command line `rake secret` and copy into your secrets.yml file for develop and test environments (if you are choosing to gitignore the new file).
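Added example (not part of the original comments): a Ruby script that replays the order of events described above in a constructed throwaway repository and reports what git still holds for the file. It assumes `git` is on the PATH; the repository, the file contents and the `git`, `exposure` and `demo` helpers are made up for this illustration.

```ruby
require "open3"
require "tmpdir"
require "fileutils"

# Run git inside +repo+; returns [combined output, success?].
def git(repo, *args)
  out, status = Open3.capture2e("git", "-C", repo, *args)
  [out, status.success?]
end

# How exposed is +path+? Tracked now, covered by an ignore rule, and the
# number of commits on any ref that changed (and so still record) it.
def exposure(repo, path)
  _, tracked = git(repo, "ls-files", "--error-unmatch", "--", path)
  _, ignored = git(repo, "check-ignore", "-q", "--no-index", "--", path)
  revs, _    = git(repo, "rev-list", "--all", "--", path)
  { tracked: tracked, ignore_rule: ignored, commits: revs.lines.count }
end

# Constructed repo: commit the secrets file, ignore it, then untrack it.
def demo
  repo = Dir.mktmpdir("secrets-demo")
  path = "config/secrets.yml"
  ident = ["-c", "user.name=demo", "-c", "user.email=demo@example.invalid"]
  commit = ->(msg) { git(repo, *ident, "commit", "-qm", msg) }
  git(repo, "init", "-q")
  FileUtils.mkdir_p(File.join(repo, "config"))
  File.write(File.join(repo, path),
             "development:\n  secret_key_base: CONSTRUCTED_PLACEHOLDER\n")
  git(repo, "add", path)
  commit.call("add secrets")
  File.write(File.join(repo, ".gitignore"), "#{path}\n")
  git(repo, "add", ".gitignore")
  commit.call("ignore secrets")
  after_ignore = exposure(repo, path)      # rule exists, file still tracked
  git(repo, "rm", "--cached", "-q", "--", path)
  commit.call("untrack secrets")
  after_untrack = exposure(repo, path)     # untracked, history unchanged
  old, _ = git(repo, "show", "HEAD~2:#{path}")
  { after_ignore: after_ignore, after_untrack: after_untrack,
    recoverable: old.include?("CONSTRUCTED_PLACEHOLDER") }
ensure
  FileUtils.remove_entry(repo) if repo
end

p demo if __FILE__ == $PROGRAM_NAME
```

Because the old value stays readable from history after the file is untracked, the key has to be replaced, which is what `rake secret` above is for.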
Please note that if you follow this guide and you are also using Devise omniauthable you will not need to create the omniauth.rb file. You can go to devise.rb and find the omniauth configuration lines there (just uncomment the config.omniauth lines and set it like Chris does (I think initially Devise had ENV instead of Rails.application.secrets...)):

```ruby
# ==> OmniAuth
# Add a new OmniAuth provider. Check the wiki for more information on setting
# up on your models and hooks.
# config.omniauth :github, 'APP_ID', 'APP_SECRET', scope: 'user,public_repo'
config.omniauth :yammer, Rails.application.secrets.yammer_api_key, Rails.application.secrets.yammer_api_secret
```
If you did what I did and set the devise.rb as well as the omniauth.rb then you will get two callback requests and trigger a CSRF error. (Note I am using Yammer and the yammer-omniauth gem instead of Twitter but pretty much all worked the same.)

```
Started GET "/users/auth/yammer/callback?code=keyQ&state=secret" for 127.0.0.1 at 2015-02-05 16:31:15 +1000
I, [2015-02-05T16:31:15.558087 #3900] INFO -- omniauth: (yammer) Callback phase initiated.
I, [2015-02-05T16:31:42.574957 #3900] INFO -- omniauth: (yammer) Callback phase initiated.
E, [2015-02-05T16:31:42.575381 #3900] ERROR -- omniauth: (yammer) Authentication failure! csrf_detected: OmniAuth::Strategies::OAuth2::CallbackError, csrf_detected | CSRF detected
Processing by Users::OmniauthCallbacksController#failure as HTML
Parameters: {"code"=>"key", "state"=>"secret"}
Redirected to http://localhost:3000/sign_in
Completed 302 Found in 2ms (ActiveRecord: 0.0ms)
```
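Added example (not part of the original comments): a small Ruby model of why the second "Callback phase initiated" in the log above ends in `csrf_detected`. The `StateCheck` class and its methods are hypothetical and only imitate the single-use `state` comparison of an OAuth2 strategy; this is not the omniauth-oauth2 source.

```ruby
require "securerandom"

# Simplified model of an OAuth2 strategy's state check
# (constructed for illustration; not the omniauth-oauth2 source).
class StateCheck
  KEY = "omniauth.state"

  def initialize(session)
    @session = session
  end

  # Request phase: mint a one-time value, store it in the session and
  # send the same value to the provider as the `state` parameter.
  def request_phase
    @session[KEY] = SecureRandom.hex(24)
  end

  # Callback phase: the stored value is deleted as it is read, so one
  # issued state can satisfy exactly one callback.
  def callback_phase(params)
    expected = @session.delete(KEY)
    given = params["state"].to_s
    return :csrf_detected if given.empty? || given != expected
    :ok
  end
end

# Two strategy instances sharing one session, as when the provider is
# registered in both omniauth.rb and devise.rb.
def double_registration
  session = {}
  first = StateCheck.new(session)
  second = StateCheck.new(session)
  params = { "code" => "constructed-code", "state" => first.request_phase }
  [first.callback_phase(params), second.callback_phase(params)]
end

# Single registration: a callback carrying a state this session never issued.
def unsolicited_callback
  check = StateCheck.new({})
  check.request_phase
  check.callback_phase({ "code" => "constructed-code", "state" => SecureRandom.hex(24) })
end

p double_registration
p unsolicited_callback
```

The rejection in the double-registration case is the check working as designed; registering the provider in only one place, devise.rb when using Devise omniauthable, leaves a single callback handler.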
Really good walkthrough, I was able to use this for Facebook as well with some elbow grease. Thank you. And you make me want to learn VIM!
Really good tutorial, I tried this for Facebook as well and it works great! But now I'm having issues when I try to obtain the user's data such as the email. Some say that I have to edit the "scope" parameter in omniauth.rb, plz can anybody help me?
You can update your config when you set up Omniauth; you can specify your scope there. There are a lot of options for this, so just look up the available scopes for Facebook to get the full list.

```ruby
config.omniauth :facebook, "APP_ID", "APP_SECRET", scope: 'email', info_fields: 'email, name'
```
Is there a previous video that I'm missing? This was a great video until the part about the actual tweets -- it seems to be missing the part where you used Rails to create the Tweet and TweetsController scaffolding and routes.