Closed brandonhilkert closed 9 years ago
So, as soon as the request hits your provider app you'll want to look at all of the params that come in. One of them will be the return URL where the client app wants you to redirect to (I believe it's called redirect_uri). You'll probably want to store that in the session so that you have it available after signing in the user. Let me know if that doesn't get you pointed in the right direction.
Ah, I see. Wouldn't that have to be done in the doorkeeper initializer? If so, does your provider handle it?
That line in the initializer just tells doorkeeper how to start the auth process by either returning a logged in user, or by directing them to the place where they have to log in (that's what warden.authenticate! does). Doorkeeper itself actually handles the initial bookkeeping of saving the redirect_uri and doing the final redirect back to the consumer. If you're using Doorkeeper you shouldn't have to do much more in the initializer than what's in the one you linked to.
When you do your initial redirect from the client to the provider does that route go straight to doorkeeper?
Yeah that part is going ok. It's the redirect to the Authlogic login screen within the login provider that I'm working on.
This wiki describes a similar pattern I think I can use to store the redirect:
resource_owner_authenticator do |route|
  session = UserSession.find
  session && session.user || (request.session[:return_to] = request.fullpath; redirect_to(new_user_session_url))
end
And then the sessions controller would redirect back to that saved path:
def create
  @user_session = UserSession.new(params[:user_session])
  if @user_session.save
    set_user_cookie(@user_session.user)
    redirect_to session[:return_to]
  else
    render :action => :new
  end
end
There's a lot of moving parts, just trying to keep them all in my head. I'm still a little unclear how the return to path is being saved when set up with Devise and it hits the provider, but there's no cookie and needs to go to the devise login page.
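An added example (not code from this thread, Doorkeeper or Authlogic): the session[:return_to] hand-off from the comment above, written as plain Ruby so it runs without Rails, with the stored value checked to be a local path before it is used as a redirect target and consumed only once. `FALLBACK_PATH`, `safe_return_path` and `consume_return_path` are hypothetical names, and the sample session hash is constructed.

```ruby
require "uri"

# Assumption: where to send the user when no usable path was stored.
FALLBACK_PATH = "/"

# Returns `stored` only if it looks like what request.fullpath produces:
# a path (plus optional query) on this same host. Anything else, including
# nil, absolute URLs and protocol-relative "//host" values, yields the fallback.
def safe_return_path(stored, fallback = FALLBACK_PATH)
  return fallback unless stored.is_a?(String)
  return fallback unless stored.start_with?("/")
  # "//host" and "/\host" are treated as another origin by browsers.
  return fallback if stored.start_with?("//") || stored.include?("\\")
  # Control characters have no place in a redirect target.
  return fallback if stored.match?(/[\x00-\x1f\x7f]/)

  uri = URI.parse(stored)
  return fallback if uri.scheme || uri.host

  stored
rescue URI::InvalidURIError
  fallback
end

# Reads the saved path exactly once, so a stale value cannot steer a later
# login. `session` is any Hash-like object (the Rails session responds to
# #delete the same way).
def consume_return_path(session, fallback = FALLBACK_PATH)
  safe_return_path(session.delete(:return_to), fallback)
end

if __FILE__ == $0
  # Constructed sample: the path the authenticator block would have stored.
  session = { return_to: "/oauth/authorize?client_id=abc&response_type=code" }
  puts consume_return_path(session)  # the stored authorize path
  puts consume_return_path(session)  # nothing left, falls back
end
```

In the sessions controller from the comment above, the redirect line would become `redirect_to consume_return_path(session)`.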
I think the general flow that happens in my producer app for a user that is not signed in is:
redirect_uri that the client sends
So it's kinda: Doorkeeper -> Devise -> Doorkeeper -> Back to the client.
I think the code you posted above should do it. (Based on what I'm seeing here: https://github.com/doorkeeper-gem/doorkeeper/wiki/Authenticating-using-Clearance-or-DIY)
Awesome summary, thanks for that! Just out of curiosity, where's the code in this app that does the first step: Request hits doorkeeper and doorkeeper stores the redirect_uri that the client sends?
There is no code in this app that does that. That's all doorkeeper. I think most of the parts you're interested in are in the AuthorizationsController. https://github.com/doorkeeper-gem/doorkeeper/blob/master/app/controllers/doorkeeper/authorizations_controller.rb
Also, now that I think about it, I'm not entirely sure that doorkeeper relies on the return url being passed in. I think you have to configure one when you create a new client app record in the doorkeeper admin area. (Sorry, it's been a while since I've been right down in all of this.)
Yup, I had to do that when I set up the first client. Thanks again for taking the time to chat and thanks again for the killer video! I learned a ton.
On Saturday, May 30, 2015, Jeremy Green notifications@github.com wrote:
Also, now that I think about it, I'm not entirely sure that doorkeeper relies on the return url being passed in. I think you have to configure one when you create a new client app record in the doorkeeper admin area. (Sorry, it's been a while since I've been right down in all of this.)
Happy to help! Thanks for letting me know you got something from my talk. That's always nice to hear. :)
I stumbled on your talk from last year's Railsconf and it's exactly what I'm currently working on.
I'm hoping you can offer some insight. We use Authlogic right now, instead of Devise. I'm trying to grok all the pieces involved and it's a little fuzzy in my head.
Say we have Service A that requires auth. That service will redirect due to the create OAuth strategy to the SSO provider. Inside the provider, I've set up a before_filter to check if the session is valid. If not, redirect to the login page that's based off Authlogic. I got all that working, but then once a successful sign in has been achieved, I'm missing what to do next. In this provider app, it's bottled up inside Devise it seems, but it feels like it needs to go back to the service app somehow, but that's the part that I'm confused about.
Any thoughts on how to get it back to the service that got it here in the first place?
ref: https://github.com/jagthedrummer/so_auth_provider/blob/master/app/controllers/oauth/sessions_controller.rb#L7