OAuth is often described as a 'valet key for the web'. In the same way as a valet key gives restricted access to a car, allowing the valet to drive it but not open the trunk or glovebox, OAuth allows a client application restricted access to your data at a resource server via tokens issued by an authorization server in response to your access grant.
Facebook Platform uses the OAuth 2.0 protocol for authentication and authorization. Suppose your Rails application allows users to share content with their Facebook friends. To support this, a connection needs to be established between a user's local account and her Facebook account. Once established, a Facebook instance can be obtained and used to post content to the user's wall. The basic idea is to store the access_token during an OAuth2 login process and later on use the token to fetch more data.
The last days I was working on letting user sign-up/sign-in using Facebook account. I'm planning to integrate some social features into my ongoing Rails project. Previously I was working with
Facebooker, an awesome Rails plugin that did a great job for my previous project, however it seemed not support the latest Facebook Graph API. Thought I found a new solution.
OmniAuth is an open source project which provides support for many of the main providers out there: twitter, facebook, foursquare, and many more. In addition, OmniAuth is designed in such a way that it is very easy to implement custom strategies---interchangable logic which encapsulates the steps required to successfully authenticate with an Oauth2 provider.
OmniAuth relies on the request and callback sequence as defined in OAuth2 specification. OmniAuth extracts away a lot of the complexity of working with OAuth, so we can skip all of that information and focus on just what we need to. The diagram below depicts how OmniAuth handles the request and callback sequence:
The request phase of the OAuth dance typically redirects to a providers website which prompts the user to enter their credentials with the provider calling back to Omniauth with a success or failure message.
There is a couple of great
screencasts on how to integrate
Omniauth to
Devise using Rails 3 and allow Facebook, Twitter, etc. authentications. In this post, I'm going to show you how to connect to the Facebook platform using
FbGraph along with
Omniauth to retrieve a list of records and post message to the facebook wall via its Graph API. For this example, I'm using Rails 2.3.8 on my Mac. But I strongly encourage you to start with Rails 3.
First, we would need a migration to store a permanent Facebook token for offline access:
$ script/generate migration AddFacebookTokenToUsers
Add the following to your config/environment.rb
Next, in your initializer, usually config/initializer/omniauth.rb, request additional permissions, we need to tell Omniauth to retrieve more Facebook permissions in order to have offline access, Wall, etc. You can define the ones you need from
Facebook permissions API pages, but here is my setting:
If you get this error message when you're trying to run your Rails server:
WARNING: Nokogiri was built against LibXML version 2.7.7, but has dynamically loaded 2.7.8
The problem was most likely bad library management, if you don't have libxml2 in the Cellar directory on OSX, you can install it to this using homebrew:
Now, lets get to the application code changes. In the application controller we define the facebook_user like this:
In the routes.rb we add following routes:
Next, edit your fb_oauth_controller.rb add the callback method:
Callback is the action that is called after the authorization. The access_token is not restricted with time unless Facebook changes their policy and make them expire after a particular period of time, and is used later for interacting with Facebook.. To understand how it all works, read about
Facebook permissions, the
Graph API. The /auth/facebook url is invoked first. This redirects the user to Facebook where the user gets the permission prompt, to allow your application to access the users information. If everything works you should have the full authentication workflow going!
You can also use this URL to get a permanent access_token:
Facebook uses the OAuth 2.0 protocol for user authentication and application authorization. Following are the steps required to obtain an access token:
(b) User enters their credential in the above Facebook URL and after successfully authorizing the application, Facebook would redirect the user to the authorize callback url along with a verification string in the argument code, which can be exchanged for an OAuth access token.
Once the access token is obtained, all further communications to Facebook will only require this token instead of the user’s credentials.
You can modify the callback method to integrate Facebook connect with your authentication system (Allow your users to sign up/sign in with their Facebook account). See the example below:
Now the application retrieves email and also you have an access to Facebook Graph API. For instance, to post something on Facebook wall you can:
Enjoy! hope this helps you :)
