Name: artsy-auth
Owner: Artsy
Description: Ruby Gem for adding Artsy's omniauth based authentication to your app.
Created: 2017-03-29 21:26:06.0
Updated: 2017-03-29 21:44:23.0
Pushed: 2017-11-02 18:42:19.0
Homepage: null
Size: 36
Language: Ruby
Ruby Gem for adding Artsy's omniauth based authentication to your app.
Add the following line to your Gemfile:

```ruby
gem 'artsy-auth'
```
Artsy Auth is based on Rails::Engine.

Add `artsy_auth.rb` under `config/initializers`. We need to configure ArtsyAuth with the proper Artsy `application_id` and `application_secret`. It also needs `artsy_api_url`, which is used to redirect `sign_in` and `sign_out` to the proper location. `callback_url` defines where we get redirected to after a successful omniauth handshake.
```ruby
# config/initializers/artsy_auth.rb
ArtsyAuth.configure do |config|
  config.artsy_api_url = 'https://stagingapi.artsy.net' # required
  config.callback_url = '/admin' # optional
  config.application_id = '321322131' # required
  config.application_secret = '123123asdasd' # required
end
```
You also need to mount the session-related endpoints in your app's `config/routes.rb`. Add the following line to your current routes:

```ruby
# config/routes.rb
mount ArtsyAuth::Engine => '/'
```
In order to force authentication, you need to include `ArtsyAuth::Authenticated` in your controller. You also need to add (override) an `authorized_artsy_token?` method there: it receives a token, and your app defines how that token is authorized. For example:

```ruby
class ApplicationController < ActionController::Base
  # Prevent CSRF attacks by raising an exception.
  protect_from_forgery with: :exception

  # This will make sure calls to this controller have proper session data;
  # if they don't, it will redirect them to the oauth url and, once authenticated,
  # on successful authentication we'll call authorized_artsy_token?
  include ArtsyAuth::Authenticated

  # Override in the application to decode the token and allow only users with the `tester` role.
  # JWT.decode comes from the ruby-jwt gem; 'some-secret' stands in for the JWT signing secret.
  def authorized_artsy_token?(token)
    decoded_token, _headers = JWT.decode(token, 'some-secret')
    decoded_token['roles'].include? 'tester'
  end
end
```
The JWT is signed with a different secret from the OAuth client secret. For Artsy engineers: get it from the `internal_secret` on your corresponding `ClientApplication` model. External engineers: send an email to ashkan@ or orta@ artsymail.com.

The JWT contains user information that you can also get from an API call for the `me` user account, so you can work around not having the secret by making that request against the API instead.
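As an added example (not artsy-auth's own code), here is what the `authorized_artsy_token?` override above has to get right, written against the Ruby standard library so it runs outside Rails and without the jwt gem: it pins the algorithm to HS256, compares the signature in constant time, honours `exp`, and only then looks at `roles`. The module name, the `mint` helper and the secret are constructed for the example.

```ruby
require 'openssl'
require 'json'

# Added example, not artsy-auth's own code: a stand-in for the authorized_artsy_token?
# override that verifies an HS256 JWT with the Ruby stdlib and then checks `roles`.
module ArtsyTokenCheck
  module_function
  def b64url_decode(str)
    padded = str.tr('-_', '+/')
    (padded + '=' * ((4 - padded.length % 4) % 4)).unpack1('m0')
  end
  def b64url_encode(bytes)
    [bytes].pack('m0').tr('+/', '-_').delete('=')
  end
  # Constant-time comparison so the check does not leak how many bytes matched.
  def secure_equal?(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).inject(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
  # Returns the claims hash for a valid, unexpired HS256 JWT signed with +secret+,
  # or nil for anything else (malformed, wrong alg, bad signature, expired).
  def verify_hs256(token, secret, now: Time.now.to_i)
    header_b64, payload_b64, sig_b64 = token.split('.')
    return nil unless header_b64 && payload_b64 && sig_b64
    header = JSON.parse(b64url_decode(header_b64))
    return nil unless header.is_a?(Hash) && header['alg'] == 'HS256' # pin the alg; rejects "none"
    expected = OpenSSL::HMAC.digest('SHA256', secret, "#{header_b64}.#{payload_b64}")
    return nil unless secure_equal?(expected, b64url_decode(sig_b64))
    claims = JSON.parse(b64url_decode(payload_b64))
    return nil unless claims.is_a?(Hash)
    return nil if claims['exp'] && claims['exp'].to_i <= now
    claims
  rescue ArgumentError, JSON::ParserError
    nil
  end
  # Same contract as the controller override on this page: true only when the
  # token verifies and carries the required role.
  def authorized_artsy_token?(token, secret, role: 'tester', now: Time.now.to_i)
    claims = verify_hs256(token, secret, now: now)
    claims ? Array(claims['roles']).include?(role) : false
  end
  # Constructed helper that mints sample tokens so the check runs offline.
  def mint(claims, secret, alg: 'HS256')
    head = b64url_encode(JSON.generate({ 'alg' => alg, 'typ' => 'JWT' }))
    body = b64url_encode(JSON.generate(claims))
    sig = OpenSSL::HMAC.digest('SHA256', secret, "#{head}.#{body}")
    "#{head}.#{body}.#{b64url_encode(sig)}"
  end
end
```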
In previous versions you would change your `ApplicationController` to inherit from `ArtsyAuth::ApplicationController`; with versions > 0.1.7 you need to include `ArtsyAuth::Authenticated` like the example above.