5. ABOUT AUTHENTICATION
• authentication and authorization are two things
• authentication is just an identity token / ticket
• can use multiple authentication providers on one site
• one user can have many authentications
6. DEVISE - OMNIAUTH WAY
[diagram: customer, devise, omniauth; providers shown: OAuth providers, OpenID providers, LDAP, omniauth providers, 3rd party providers, CAS server, username / password]
11. FEATURES OF DEVISE
• rack - simple and fast
• strategies - logical and flexible
• modularity - maintainable rails engine
• multi-models - signed in at the same time
• extensions - diversity
• authentication scheme with general user’s needs
21. DEVISE CUSTOMIZATION
• config - set configurations for devise
• migrations - set database fields
• models - select modules, set attributes
• routes - set uri mapping
• controllers - set filters and redirects
• views - set html and css
22. rake middleware
use ActionDispatch::Static
use Rack::Lock
use ActiveSupport::Cache::Strategy::LocalCache
use Rack::Runtime
use Rails::Rack::Logger
use ActionDispatch::ShowExceptions
use ActionDispatch::RemoteIp
use Rack::Sendfile
use ActionDispatch::Callbacks
use ActiveRecord::ConnectionAdapters::ConnectionManagement
use ActiveRecord::QueryCache
use ActionDispatch::Cookies
use ActionDispatch::Session::CookieStore
use ActionDispatch::Flash
use ActionDispatch::ParamsParser
use Rack::MethodOverride
use ActionDispatch::Head
use ActionDispatch::BestStandardsSupport
use Warden::Manager
run DeviseTutorial::Application.routes
28. OMNIAUTH MIDDLEWARES
rake middleware
use ActionDispatch::Static
......
use ActionDispatch::BestStandardsSupport
use Warden::Manager
use OmniAuth::Strategies::Facebook
use OmniAuth::Strategies::Twitter
use OmniAuth::Strategies::GitHub
use OmniAuth::Strategies::OpenID
use OmniAuth::Strategies::OpenID
use OmniAuth::Strategies::OpenID
use OmniAuth::Strategies::GoogleApps
use OmniAuth::Strategies::GoogleApps
run DeviseTutorial::Application.routes
30. NEEDS OF OAUTH
• create new app record for each client site
• app id and app secret are required
• callback url must match
• access token / error message will append to callback url
• specific yaml pattern for user auth data
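Added example (not from the slides or from Devise/OmniAuth): a small Ruby sketch of two of the checks listed above, on the provider side of the exchange. It keeps a constructed "app record" per client site (app id, app secret, registered callback URL; all placeholders), compares a presented callback URL against the registered one exactly, and parses what the provider appends to the callback URL, which is either a code / token or an error message.

```ruby
require "uri"
require "cgi"

# Constructed stand-in for the "app record" a provider keeps per client site:
# app id, app secret and the registered callback URL. All values are
# placeholders, not real credentials.
REGISTERED_APPS = {
  "app-id-placeholder" => {
    secret: "app-secret-placeholder",
    callback: "https://example.test/users/auth/provider/callback"
  }
}.freeze

# Exact match of the callback URL presented in an authorization request
# against the registered one: scheme, host, port and path must all agree.
# Unknown app ids and unparseable URLs are rejected.
def callback_registered?(app_id, presented_url)
  app = REGISTERED_APPS[app_id]
  return false unless app
  registered = URI(app[:callback])
  presented  = URI(presented_url)
  %i[scheme host port path].all? { |part| registered.send(part) == presented.send(part) }
rescue URI::InvalidURIError
  false
end

# The provider appends either a code / access token or an error message to
# the callback URL; turn the query string into a small result hash.
def parse_callback(callback_url)
  params = CGI.parse(URI(callback_url).query.to_s).transform_values(&:first)
  if params["error"]
    { status: :error, error: params["error"], description: params["error_description"] }
  elsif params["code"]
    { status: :ok, code: params["code"] }
  else
    { status: :invalid }
  end
end

if __FILE__ == $PROGRAM_NAME
  p callback_registered?("app-id-placeholder", "https://example.test/users/auth/provider/callback")
  p parse_callback("https://example.test/users/auth/provider/callback?error=access_denied")
end
```

The slide's checklist stops at the callback URL match; a callback handler in production would additionally verify the OAuth state value it sent with the authorization request, which this sketch leaves out.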
41. TWITTER OAUTH WORK FLOW (api.twitter.com)
• /users/auth/twitter
• users/omniauth_callbacks#passthru
• https://api.twitter.com/oauth/authenticate
• /users/auth/twitter/callback?code=xxxxxx
• twitter auth data is too big for cookies session store
• no email in user auth data
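Added example (not from the slides or from Devise/OmniAuth) for the last two bullets: a Ruby sketch that sizes a constructed Twitter-style auth hash the way the Rails 3 era cookie session store would (Marshal dump, then Base64), shows it exceeds the 4 KB cookie limit, and trims it to what a sign-up step needs while flagging the missing email. The auth hash, its values and the session key "devise.twitter_data" are assumptions made for the example.

```ruby
# Rails' cookie session store writes the whole session into one cookie and
# browsers cap a cookie at about 4 KB; ActionDispatch raises CookieOverflow
# when the serialized session passes that limit.
COOKIE_LIMIT_BYTES = 4096

# Constructed sample in the shape of an OmniAuth auth hash for Twitter: no
# email under "info", and a large "extra" section standing in for the raw
# profile data that makes the real hash big. Values are placeholders.
SAMPLE_TWITTER_AUTH = {
  "provider" => "twitter",
  "uid" => "000000",
  "info" => { "nickname" => "sample_user", "name" => "Sample User" },
  "credentials" => { "token" => "token-placeholder", "secret" => "secret-placeholder" },
  "extra" => { "raw_info" => { "description" => "x" * 5000 } }
}.freeze

# Bytes the cookie store would write for this session hash: Marshal dump,
# then strict Base64 (pack("m0"), so no extra gem is needed). Signing adds a
# little more, so this is a lower bound.
def session_cookie_size(session_hash)
  [Marshal.dump(session_hash)].pack("m0").bytesize
end

def fits_in_cookie?(session_hash)
  session_cookie_size(session_hash) <= COOKIE_LIMIT_BYTES
end

# Keep only what the sign-up step needs: drop "extra" and record whether the
# provider supplied an email, so the form can ask the user for one.
def trim_auth_for_session(auth)
  {
    "devise.twitter_data" => auth.reject { |key, _| key == "extra" },
    "email_missing" => auth.dig("info", "email").nil?
  }
end

if __FILE__ == $PROGRAM_NAME
  puts "raw auth hash: #{session_cookie_size(SAMPLE_TWITTER_AUTH)} bytes, fits: #{fits_in_cookie?(SAMPLE_TWITTER_AUTH)}"
  trimmed = trim_auth_for_session(SAMPLE_TWITTER_AUTH)
  puts "trimmed: #{session_cookie_size(trimmed)} bytes, fits: #{fits_in_cookie?(trimmed)}, email missing: #{trimmed['email_missing']}"
end
```

The same trimming applies to any provider whose auth hash carries a large "extra" section; the email check is what makes Twitter special, since the sign-up form has to collect an address the provider never returns.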