artsy/artsy-auth

Name: artsy-auth

Owner: Artsy

Description: Ruby Gem for adding Artsy's omniauth based authentication to your app.

Created: 2017-03-29 21:26:06.0

Updated: 2017-03-29 21:44:23.0

Pushed: 2017-11-02 18:42:19.0

Homepage: null

Size: 36

Language: Ruby


README

Artsy Authentication

Ruby Gem for adding Artsy's omniauth based authentication to your app.

Installation

Add the following line to your Gemfile:

gem 'artsy-auth'

Usage

Artsy Auth is based on Rails::Engine.

Configure

Add artsy_auth.rb under config/initializers. ArtsyAuth must be configured with the proper Artsy application_id and application_secret. It also needs artsy_api_url, which is used to redirect sign_in and sign_out to the proper location. callback_url defines where the user is redirected after a successful omniauth handshake.

# config/initializers/artsy_auth.rb
ArtsyAuth.configure do |config|
  config.artsy_api_url = 'https://stagingapi.artsy.net' # required
  config.callback_url = '/admin' # optional
  config.application_id = '321322131' # required
  config.application_secret = '123123asdasd' # required
end

You also need to mount the session-related endpoints in your app. Add the following line to your config/routes.rb:

# config/routes.rb
mount ArtsyAuth::Engine => '/'

To force authentication, include ArtsyAuth::Authenticated in your controller and override the authorized_artsy_token? method there. That method receives the token, and your app decides how to authorize it, for example:

class ApplicationController < ActionController::Base
  # Prevent CSRF attacks by raising an exception.
  protect_from_forgery with: :exception

  # This makes sure calls to this controller have proper session data;
  # if they don't, the user is redirected to the oauth url, and once
  # authenticated we'll call authorized_artsy_token?
  include ArtsyAuth::Authenticated

  # Override to decode the token and allow only users with the `tester` role.
  # 'some-secret' stands for the JWT signing secret described under
  # "Decoding the JWT" below (not the OAuth client secret).
  def authorized_artsy_token?(token)
    decoded_token, _headers = JWT.decode(token, 'some-secret')
    decoded_token['roles'].include? 'tester'
  end
end

Decoding the JWT

The JWT is signed using a different secret from the client secret for OAuth. For Artsy engineers: get it from the internal_secret on your corresponding ClientApplication model. External engineers, send an email to ashkan@ or orta@ artsymail.com.

The JWT contains user information that is also available from an API call for the me user account, so if you do not have the secret you can work around it by making that request against the API instead.
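As an added example (not code from the artsy-auth gem or its README), the following stdlib-only Ruby sketch shows the checks that JWT.decode(token, secret) performs before the controller's authorized_artsy_token? above inspects the roles claim: it pins the algorithm to HS256, compares the HMAC in constant time, and honours exp. The secret, the sample payloads and the 'tester' role are constructed for this example; a real app would use the internal_secret described in this section.

```ruby
# Added example (not code from the artsy-auth gem). Stdlib-only HS256 check
# mirroring what JWT.decode(token, secret) does before the README's
# authorized_artsy_token? inspects the 'roles' claim. SECRET, the sample
# payloads and the 'tester' role are constructed for this example.
require 'openssl'
require 'base64'
require 'json'

module ArtsyTokenCheck
  # Constructed stand-in for the internal_secret; real apps load it from config.
  SECRET = 'example-internal-secret'.freeze

  def self.b64url(bytes)
    Base64.urlsafe_encode64(bytes, padding: false)
  end

  def self.b64url_decode(str)
    Base64.urlsafe_decode64(str) # raises ArgumentError on malformed input
  end

  # Constant-time comparison so the signature check does not leak via timing.
  def self.secure_equal?(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).inject(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end

  # Mints a token for the fixtures below; in production the token comes from Artsy.
  def self.mint(payload, secret = SECRET, alg: 'HS256')
    header = { 'alg' => alg, 'typ' => 'JWT' }
    signing_input = "#{b64url(JSON.generate(header))}.#{b64url(JSON.generate(payload))}"
    sig = OpenSSL::HMAC.digest('SHA256', secret, signing_input)
    "#{signing_input}.#{b64url(sig)}"
  end

  # Returns the payload Hash for a valid token, nil for anything else.
  def self.verify(token, secret = SECRET, now: Time.now.to_i)
    parts = token.to_s.split('.')
    return nil unless parts.length == 3
    header_b64, payload_b64, sig_b64 = parts
    header = JSON.parse(b64url_decode(header_b64))
    # Pin the algorithm instead of trusting the token's own 'alg' field, so a
    # header of 'none' (or a key-confusion attempt) is rejected up front.
    return nil unless header.is_a?(Hash) && header['alg'] == 'HS256'
    expected = OpenSSL::HMAC.digest('SHA256', secret, "#{header_b64}.#{payload_b64}")
    return nil unless secure_equal?(expected, b64url_decode(sig_b64))
    payload = JSON.parse(b64url_decode(payload_b64))
    return nil unless payload.is_a?(Hash)
    # Honour 'exp' (seconds since the epoch) when the issuer set one.
    return nil if payload.key?('exp') && payload['exp'].to_i <= now
    payload
  rescue JSON::ParserError, ArgumentError, EncodingError
    nil
  end

  # Same decision as the README's authorized_artsy_token?: 'tester' role only.
  def self.authorized?(token, secret = SECRET, now: Time.now.to_i)
    payload = verify(token, secret, now: now)
    !payload.nil? && Array(payload['roles']).include?('tester')
  end
end

# Constructed fixtures; a fixed clock keeps the expiry checks deterministic.
FIXED_NOW = 1_700_000_000
GOOD_TOKEN = ArtsyTokenCheck.mint({ 'sub' => 'user-1', 'roles' => ['tester'], 'exp' => FIXED_NOW + 3600 })
WRONG_ROLE = ArtsyTokenCheck.mint({ 'sub' => 'user-2', 'roles' => ['viewer'], 'exp' => FIXED_NOW + 3600 })
EXPIRED = ArtsyTokenCheck.mint({ 'sub' => 'user-1', 'roles' => ['tester'], 'exp' => FIXED_NOW - 1 })
WRONG_KEY = ArtsyTokenCheck.mint({ 'sub' => 'user-1', 'roles' => ['tester'] }, 'another-secret')
ALG_NONE = ArtsyTokenCheck.mint({ 'sub' => 'user-1', 'roles' => ['tester'] }, ArtsyTokenCheck::SECRET, alg: 'none')
# A viewer token whose payload was swapped for a tester payload: the signature
# no longer matches, so the role claim must not be believed.
TAMPERED = begin
  h, _p, s = WRONG_ROLE.split('.')
  "#{h}.#{ArtsyTokenCheck.b64url(JSON.generate({ 'sub' => 'user-2', 'roles' => ['tester'] }))}.#{s}"
end

if __FILE__ == $PROGRAM_NAME
  puts "good token authorized:     #{ArtsyTokenCheck.authorized?(GOOD_TOKEN, now: FIXED_NOW)}"
  puts "tampered token authorized: #{ArtsyTokenCheck.authorized?(TAMPERED, now: FIXED_NOW)}"
end
```

The design point is that the role check only means something after the signature and expiry have been verified against a pinned algorithm; the gem's JWT.decode does that work for you when given the right secret, and this sketch makes the individual steps visible.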

Update From Version < 0.1.7

In previous versions you changed your ApplicationController to inherit from ArtsyAuth::ApplicationController; with versions > 0.1.7 you include ArtsyAuth::Authenticated instead, as in the example above.

Contributing

