Reputation: 12653
What is currently the correct way to use Omniauth with Google credentials?
What is currently the best way to authorise users of a Rails app using Google credentials?
Google have made some major changes to their service over the past year or so. At the same time information about Omniauth and Google is fairly sparse, from what I can see. So I'd like to know what people consider to be the best approach at this time.
I'm using Devise + Omniauth. I want users to be able to login using their Google credentials (I already understand how to do this for other providers). But I also need an oauth token that will enable users to interact with their Google+ stream and other services (I know the API is currently read only, but I'm planning for the future).
So my specific questions are:
1) I've seen reference to using open-id or the omniauth-google-oauth2 gem. Are there any significant differences between these two approaches, and what is now considered the "right" approach?
2) How "walled" is the Google ecosystem? For example, is it relatively straightforward to enable a user to interact with their G+ stream and their Picassa albums and their YouTube videos etc from within my app? Or are these completely separate ecosystems? I ask this because the information I've seen seems to suggest that the specific service must be defined as a scope when omniauth for google is initialized. But it's unclear how integrated the services are after the user has authenticated.
Thanks for any tips or advice that will help me get to grips with Google!
Upvotes: 3
Views: 416
Answers (1)
Reputation: 19203
The open-id gem is just a quick and dirty way to get some authentication using a gmail account. While for Twitter you have to register an app, set some callback urls, get your key and secrets... With this gem, all you need is this:
# Gemfile
gem 'omniauth-openid'
# Using pure omniauth
# omniauth.rb
Rails.application.config.middleware.use OmniAuth::Builder do
provider :openid, :store => OpenID::Store::Filesystem.new('/tmp'), :name => 'google', :identifier => 'https://www.google.com/accounts/o8/id'
end
# Using devise
# devise.rb
Devise.setup do |config|
config.omniauth :open_id, :store => OpenID::Store::Filesystem.new('/tmp'), :name => 'google', :identifier => 'https://www.google.com/accounts/o8/id'
end
You don't even need a key and secret! The downside of this ease of use is that since you don't register an app, you can't customize the authentication prompt, like choosing a name, a description and a logo of your application. All you get is a (rather ugly) prompt. Check out this website, for example, to see what I mean. Or check StackOverflow, they use it too.
But more importantly, you only get access to the user's email address and associated name.
So, I'm pretty sure omniauth-google-oauth2 is the way to go for you. You'll need to register your app at Google's Cloud Console and get your API key and secret there.
I agree with you that there's little documentation on Google Oauth (or maybe we haven't searched hard enough). If you write a tutorial on how to access all that info you talked about (G+ stream, youtube videos,..) when you get this to work, I'd certainly read it eh!
Upvotes: 3
Related Questions
- Using omniauth-google-oauth2 in rails API
- Authenticated routes with Omniauth Google
- Using omniauth-google-oauth2 gem in rails 2.3.8 and ruby 1.8.7
- Rails: omniauth-google, how to bypass login?
- Is there an omniauth strategy for Google login using openid?
- How to setup a login with google in rails applicaiton?
- Configuration settings for Omniauth to Google in Rails
- Login with gmail and OmniAuth in rails 3
- Rails: Google login with omniauth
- Omniauth Google Account UID?