Reputation: 5552
I am building an application that will allow users to sign in using their GitHub authentication credentials. The problem is that I cannot find anything in the documentation about restricting access to certain users. For example, I want users from a specific set of organizations to be able to log in, not all people who just have a GitHub account. Any help?
Upvotes: 1
Views: 515
Reputation: 12251
You have a choice at which point in the cycle you authenticate them, before GitHub or after GitHub. Judging from your question you'd like to do this during/after auth. GitHub allows you to add organisation information, but I haven't used this so I don't know how secure that is as a membership signifier, but I'll assume it's good enough.
On auth you'll get sent back a load of details about the user, in the `info` key of the auth hash, which is in the Rack env under the key `'omniauth.auth'`. If you look at the auth hash returned it will likely have the organisation details, or you could request them at this point. You can run a simple conditional on this, and if the user isn't in, then fail them. If you look at the Sinatra example on the OmniAuth wiki you'll see a point where it says `# do whatever you want with the information!`. It's at this point you would check and either pass or fail them (I chose that because it's a bit clearer than the Rails example, but for Rails you'd just do the same in the action you'd mapped to in the controller). You could raise an exception, or (my choice would be) redirect them to the failure endpoint; it's up to you.
It would be a good idea to warn people before they try logging in, if that's possible.
Upvotes: 1
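One way to implement the pass/fail check the answer describes, as an added example that is not from the original post or from the OmniAuth project. It assumes the omniauth-github strategy is configured with the `read:org` scope, so the OAuth token it hands back can list the user's private organisation memberships; the `/user` profile that OmniAuth stores under `extra.raw_info` does not list organisations, so the example asks GitHub's `/user/orgs` endpoint with the user's own token instead. `ALLOWED_ORGS`, the injectable fetcher, the sample auth hash and the sample API responses are all constructed for this example.

```ruby
require 'json'
require 'set'
require 'net/http'
require 'uri'

# Organisations whose members may sign in. Constructed for this example.
ALLOWED_ORGS = Set.new(%w[example-org example-labs]).freeze

# Parse a GET /user/orgs body (a JSON array of organisation objects) and
# return the lower-cased "login" of each organisation.
def org_logins(orgs_json)
  orgs = JSON.parse(orgs_json)
  raise ArgumentError, 'expected a JSON array of organisations' unless orgs.is_a?(Array)

  orgs.filter_map { |org| org['login']&.downcase }
end

# True when at least one of the user's organisations is on the allow-list.
# GitHub logins are case-insensitive, so both sides are compared lower-cased.
def member_of_allowed_org?(orgs_json, allowed = ALLOWED_ORGS)
  allowed_lc = allowed.map(&:downcase).to_set
  org_logins(orgs_json).any? { |login| allowed_lc.include?(login) }
end

# Fetch the signed-in user's organisations with the OAuth token that OmniAuth
# places under auth['credentials']['token']. Without the read:org scope the
# response omits private memberships. per_page=100 covers most users; follow
# the Link header if a user belongs to more organisations than that.
def fetch_user_orgs(token)
  uri = URI('https://api.github.com/user/orgs?per_page=100')
  req = Net::HTTP::Get.new(uri)
  req['Authorization'] = "Bearer #{token}"
  req['Accept'] = 'application/vnd.github+json'
  req['User-Agent'] = 'org-gated-login-example'
  res = Net::HTTP.start(uri.host, uri.port, use_ssl: true) { |http| http.request(req) }
  raise "GitHub API returned HTTP #{res.code}" unless res.is_a?(Net::HTTPSuccess)

  res.body
end

# Pass/fail decision for an OmniAuth auth hash.
# Returns [true, nickname] for an allowed member, [false, reason] otherwise.
# The fetcher is injectable so the decision logic can be exercised offline.
def authorize_github_login(auth, allowed = ALLOWED_ORGS, fetcher: method(:fetch_user_orgs))
  token = auth.dig('credentials', 'token')
  return [false, 'no OAuth token in auth hash'] if token.nil? || token.empty?

  orgs_json = fetcher.call(token)
  return [true, auth.dig('info', 'nickname')] if member_of_allowed_org?(orgs_json, allowed)

  [false, 'not a member of an allowed organisation']
end

# Constructed sample data: the shape of the auth hash OmniAuth builds for
# GitHub (trimmed to the keys used here) and two /user/orgs responses.
SAMPLE_AUTH = {
  'provider' => 'github',
  'uid' => '123456',
  'info' => { 'nickname' => 'octocat', 'email' => 'octocat@example.com' },
  'credentials' => { 'token' => 'gho_constructed_example_token' }
}.freeze

SAMPLE_ORGS_JSON = [
  { 'login' => 'Example-Org', 'id' => 1 },
  { 'login' => 'unrelated-org', 'id' => 2 }
].to_json

OUTSIDER_ORGS_JSON = [{ 'login' => 'unrelated-org', 'id' => 2 }].to_json

# Where this sits in the Sinatra callback from the OmniAuth wiki example
# (hypothetical route body, shown as a comment so the file runs stand-alone):
#
#   get '/auth/:provider/callback' do
#     auth = request.env['omniauth.auth']
#     ok, detail = authorize_github_login(auth)
#     redirect '/auth/failure?message=not_in_org' unless ok
#     session[:user] = detail   # only reached for allowed members
#   end

if __FILE__ == $PROGRAM_NAME
  # Offline demonstration using the constructed data instead of a live API call.
  p authorize_github_login(SAMPLE_AUTH, fetcher: ->(_token) { SAMPLE_ORGS_JSON })
  p authorize_github_login(SAMPLE_AUTH, fetcher: ->(_token) { OUTSIDER_ORGS_JSON })
end
```

Doing the membership lookup server-side with the user's own token means nothing in the decision comes from the browser or from a self-reported field in the auth hash; GitHub answers for the token holder. Do not create the session before `authorize_github_login` returns true, and treat a non-2xx response from the API as a failed login rather than falling through.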