Artsy Authentication
Ruby Gem for adding Artsy's omniauth based authentication to your app.
Installation
Add following line to your Gemfile.
gem 'artsy-auth'
Usage
Artsy Auth is based on Rails::Engine
.
Configure
Add artsy_auth.rb
under config/initializers
. We need to configure ArtsyAuth
to use proper Artsy application_id
and application_secret
. Also it needs artsy_api_url
which will be used to redirect sign_in
and sign_out
to proper location.
callback_url
defines after a successful omniauth handshake, where should we get redirected to.
# config/initializers/artsy_auth.rb
ArtsyAuth.configure do |config|
config.artsy_api_url = 'https://stagingapi.artsy.net' # required
config.callback_url = '/admin' # optional
config.application_id = '321322131' # required
config.application_secret = '123123asdasd' # required
end
You also need to mount session related endpoints to your app, in your config/routes.rb
. Add following line to your current routes.
# config/routes.rb
mount ArtsyAuth::Engine => '/'
In order to force authentication, you need to include 'ArtsyAuth::Authenticated' in your controller, you also need to add (override) authorized_artsy_token?
method there which gets a token and in your app you need to define how do you authorize that token, for example:
class ApplicationController < ActionController::Base
# Prevent CSRF attacks by raising an exception.
protect_from_forgery with: :exception
# This will make sure calls to this controller have proper session data
# if they don't it will redirect them to oauth url and once authenticated
# on successful authentication we'll call authorized_artsy_token
include ArtsyAuth::Authenticated
# override application to decode token and allow only users with `tester` role
def (token)
decoded_token, _headers = JWT.decode(token, 'some-secret')
decoded_token['roles'].include? 'tester'
end
end
Decoding the JWT
The JWT is signed using a different secret from the client secret for OAuth. For Artsy engineers: get it from the internal_secret
on your corresponding ClientApplication
model.
The JWT contains user information that you can get from an API call to get the me
user account, you can work around not having the secret by making a request for that against the API.
Update From Version < 0.1.7
In previous versions you would change your ApplicationController
to inherit from ArtsyAuth::ApplicationController
, with versions > 0.1.7
you need to include ArtsyAuth::Authenticated
like the example above.
Contributing
- Fork the project.
- Make your feature addition or bug fix with tests.
- Update CHANGELOG.
- Send a pull request. Bonus points for topic branches.