Is there a way I can test out the OmniAuth authentication from a standalone ruby script?
Every resource I could find on the web lists its usage only in a Rails project. This link too: http://www.omniauth.org/
In other words I could not find any client like this FitGem. The fitbit API uses OAuth authentication. FitGem is a client interface to test out the authentication/authorization to FitBit using an OAuth token.
More details here on FitGem: http://www.fitbitclient.com/guide/getting-started
Thanks.
I realize this is old, but I came across it whilst googling so others might also. Maybe this will help the next passerby...
To answer the question - no, it isn't possible to use OmniAuth within a simple, standalone script. What froderik said is correct, OmniAuth was designed to be used within an app on a rack-based framework (Rails, Sinatra, Pakyow, etc.).
To expand on that just a bit though, OmniAuth relies on the ability to intercept and send HTTP requests to/from your app. By default, OmniAuth intercepts requests to /auth/:provider to kick off the authorization process and will then send callbacks to either /auth/:provider/callback or /auth/failure depending on the outcome of the auth attempt.
Obviously, that functionality is beyond the scope of a standalone script. But if I were to recommend a solution for writing a quick test using OmniAuth, I'd recommend Sinatra. It's certainly not the only solution (any rack-based framework will do), but it provides the needed functionality with minimal overhead.
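A simplified model of the interception this answer describes, added here as an example and not taken from OmniAuth or from the answer. The `AuthInterceptor` class, the `idp.example` URL, the `auth.state` session key and the `hit` helper are hypothetical; the single-use `state` check shows why the callback route has to be tied to the session that started the flow.

```ruby
require 'securerandom'

# Simplified model of the interception described above; NOT OmniAuth's own code.
class AuthInterceptor
  def initialize(app, providers)
    @app = app
    @providers = providers # only configured providers are intercepted
  end

  # Rack interface: env hash in, [status, headers, body] out.
  def call(env)
    session = (env['rack.session'] ||= {})
    case env['PATH_INFO']
    when %r{\A/auth/(\w+)/callback\z}
      return callback_phase(env, session, $1) if @providers.include?($1)
    when %r{\A/auth/(\w+)\z}
      return request_phase(session) if @providers.include?($1)
    end
    @app.call(env) # everything else, including /auth/failure, reaches the app
  end

  private

  def request_phase(session)
    state = session['auth.state'] = SecureRandom.hex(16)
    [302, { 'location' => "https://idp.example/authorize?state=#{state}" }, []]
  end

  def callback_phase(env, session, provider)
    expected = session.delete('auth.state') # single use: a replayed callback fails
    given = env['QUERY_STRING'].to_s[/(?:\A|&)state=([^&]*)/, 1]
    ok = expected && given && expected.bytesize == given.bytesize &&
         expected.bytes.zip(given.bytes).sum { |a, b| a ^ b }.zero?
    return [302, { 'location' => '/auth/failure' }, []] unless ok
    env['auth.provider'] = provider
    @app.call(env)
  end
end

# Constructed downstream app and request helper (hypothetical names).
APP = AuthInterceptor.new(
  ->(env) { [200, {}, ["#{env['PATH_INFO']} provider=#{env['auth.provider']}"]] },
  %w[developer]
)

def hit(path, query = '', session = {})
  APP.call('PATH_INFO' => path, 'QUERY_STRING' => query, 'rack.session' => session)
end
```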
I am new to webAPI2, so please excuse me if my question is trivial. I want to implement token based security for my webAPI, so that other applications (apart from my SPA) can also call my webAPIs.
I started with Owin OpenAuth and implemented a POC. Everything worked well. But when I had to send client to Authorization to Authorization server, I could not find any inbuilt function to do that. I had to build this myself. Then I came across DotNetOpenAuth that provides APIs to set the communication as well. As far as I could find out, Microsoft is favoring Owin OpenAuth over DotNetOpenAuth.
Can anybody please provide the differences between these two? Also, which one is recommended?
Thanks In Advance
Brock Allen answered a similar question here
The OWIN middleware is geared more for just the protocol bits, but has none of the necessary persistence bits (or replay protection or refresh token support or many other things). If you are interested in working directly with the protocol because you want to learn it and really learn how to build a server, then the OWIN middleware is an ok place to start. But if all you want is a server that already has all of those pieces implemented, then consider looking into IdentityServer or DotnetOpenAuth
First off let me state this is HOMEWORK for school. I am looking for general ideas and direction, not "this is exactly what to write". We did not really cover API's so I am trying to learn as I go.
I have been asked to design an API that can be used with Facebook, for things like posting on my feed or adding new friends. I have been doing tutorials online and most seem to have me add some "ruby gem" that has whatever website's methods and stuff. For example I did a Twilio.com demo that needed require 'twilio-ruby' and a twitter one that needed require 'twitter'. To my understanding, these are "gems" and not "API's" correct? That being said, is Koala an API or simply a gem that contains the methods I need for writing an API (specifically for Facebook)? If I were to use Koala and it was an API, I feel that would sort of defeat the purpose of writing an API (just reusing their methods and such).
Any other ruby API Facebook help would be greatly appreciated!
Have a look at https://developers.facebook.com/docs/other-sdks Koala is listed as "other" SDK, meaning that it provides a wrapper around the low-level Facebook Graph API requests. So, no, it's not an own (web) API IMHO.
In a narrower interpretation, an API is just an "application programming interface". This would not necessarily have to deal with being accessible for example via a REST interface. I think it depends on the definition of API, respectively what your professor expects. If this is unclear, I'd check back with him/her.
Check
http://en.wikipedia.org/wiki/Api
http://en.wikipedia.org/wiki/Web_API
http://en.wikipedia.org/wiki/Representational_state_transfer
I am in the middle of building a PhoneGap (Cordova) app which I would like to be able to talk to a Django site of mine. The steps needed to get the app working are:
Authenticate the user (stay logged-in across app restarts) (e.g. get session cookie from Django for communication with the service - where to store?). Note: The Django endpoint uses https.
When app receives push notification load some data from my django site.
Make selection on data and submit response back to my django site (will need the csrf token?)
I was able to sort out the push notifications but now I am wondering which solution would work best for the communication with Django.
As I understand there are two possible approaches:
Either to implement a REST service with something like tastypie or
try to setup the communication via ajax (e.g. jQuery)
At the moment I am thinking that going simply ajax might be the best approach since the app is fairly small and there are no additional requirements for a REST API.
It would be great if anyone could give me any pointers on how to solve this or share some experience / code. Especially the steps of the authentication process are unclear to me.
I am not sure if this is still an open question but it is sure an interesting one.
I would strongly suggest using django-tastypie, and you could start by using the docs, which are indeed a great point of reference.
My experience until now has shown that I should always start by making my api clear (and rest) than choosing an easier, faster solution (e.g. ajax) because if your app is a successful one, frameworks like tastypie help you scale.
The authentication process is pretty straightforward if you choose the basic one.
You just ask for the user credentials and there are many clients implementing the client side basic auth.
Fortunately, tastypie supports more than this. For example, the api authentication and you could read more here.
If you need anything else, please let me know.
Regards,
Michael.
I see that the goauth and go-oauth OAuth libraries have been written for the Go Programming Language, but a couple of hours of searching online turns up nothing for SAML.
I would like to use Go to implement SSO support using SAML for a web service, but without a SAML library for Go it looks like I will have to "wrap" the SAML logic in a separate service, implemented in another language.
Does anyone know of a Go-friendly SAML library, or maybe some trick for using a Java, C, or PHP library from a Go program?
I have used gosaml and it works pretty good but there is also go-saml from robots and pencils.
I figured after a year, it would be good to answer this question because it would still be good to have some sort of answer here for people looking for SAML libraries for Go.
I haven't seen a SAML implementation for Go, but you could use a server that already implements it in front of your app.
One of the best supported SAML implementations is Shibboleth. The apache module is the most mature, and is probably the easiest method to use, since you just put your app behind a reverse proxy in apache. There's also a fastcgi authenticator, which uses the same backend, but I can't speak for its ease of implementation.
If you just need a service-provider, the simplest SAML binding is HTTP-POST-SimpleSign. I made a proof-of-concept implementation in python, to try and demonstrate the simplest SP I could. I make no claims to the robustness of this module, but you can see that it could be done with not too much code. That's assuming the Identity Providers you're working with support this binding. And as always, be wary when deploying any custom security-related code.
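A sketch of the signature check a service provider performs for the HTTP-POST-SimpleSign binding mentioned in this answer, added here as an example; it is not the answerer's Python proof of concept. The function names and sample values are hypothetical, and it assumes an RSA-SHA256-only allowlist with the IdP public key obtained from trusted metadata. It covers only the binding signature, not the other checks a SAML response needs.

```ruby
require 'openssl'

# Assumption for this sketch: the SP accepts RSA-SHA256 only.
ALLOWED_SIG_ALGS = {
  'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256' => 'SHA256'
}.freeze

# Octet string the binding signs: raw XML (not base64), RelayState if present, SigAlg.
def simplesign_input(xml, relay_state, sig_alg)
  parts = ["SAMLResponse=#{xml}"]
  parts << "RelayState=#{relay_state}" if relay_state
  parts << "SigAlg=#{sig_alg}"
  parts.join('&')
end

# form: decoded POST fields; idp_key: public key from trusted IdP metadata,
# never a key or certificate taken from the posted message itself.
def verify_simplesign(form, idp_key)
  digest = ALLOWED_SIG_ALGS[form['SigAlg']]
  return false unless digest && form['SAMLResponse'] && form['Signature']
  xml = form['SAMLResponse'].unpack1('m0') # strict base64; raises on junk
  sig = form['Signature'].unpack1('m0')
  data = simplesign_input(xml, form['RelayState'], form['SigAlg'])
  idp_key.verify(OpenSSL::Digest.new(digest), sig, data)
rescue ArgumentError, OpenSSL::PKey::PKeyError
  false
end

# Constructed sample: what a cooperating IdP would post (throwaway key, toy XML).
def sample_signed_form(idp_private_key)
  xml = '<samlp:Response ID="_constructed-example">...</samlp:Response>'
  alg = ALLOWED_SIG_ALGS.keys.first
  sig = idp_private_key.sign(OpenSSL::Digest.new('SHA256'),
                             simplesign_input(xml, '/dashboard', alg))
  { 'SAMLResponse' => [xml].pack('m0'), 'RelayState' => '/dashboard',
    'SigAlg' => alg, 'Signature' => [sig].pack('m0') }
end
```

Because RelayState and SigAlg are inside the signed string, changing either field after signing makes verification fail.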
If you want to validate SAML replies from AWS IdP in your assertion consumer endpoint then you better go with https://github.com/crewjam/saml as it does not rely on libxmlsec1 system library.
For some reason libxmlsec1 does not validate SAML replies from some IdP (AWS) successfully (supposedly because of some undefined namespaces).
I'm trying to make a web app in Sinatra, and I was wondering if there was a good solution for user sign-up with email verification, as well as authentication - perhaps as rack middleware? OpenID support would be nice to have too.
I suppose I can roll my own, but I didn't want to reinvent the wheel. If I have to do so, can anyone point me to the libraries I might want to use, maybe even example code? I'm also worried I might end up forgetting to implement something important with signup/authentication, since I've never done this before.
In case I need a homemade solution, I've found bcrypt-ruby for password encryption and Sinatra::Mailer or Pony for email. For signing on with OpenID support, there's hancock and hancock-client, though I'm not entirely clear on usage and I don't actually need single sign-on support. Maybe I should just use a ruby openid library? Do I need anything else?
This is a pretty muddled question, but I hope someone more experienced can point me in the right direction.
You might be interested in Authlogic. You'll need to implement the e-mail verification yourself, but it will provide you with a good foundation for supporting this.
Authlogic can be used in any ruby framework you want: Rails, Merb, Sinatra, Mack, your own framework, whatever. It’s not tied down to Rails. It does this by abstracting itself from these framework’s controllers by using a controller adapter. Thanks to Rack, there is a defined standard for controller structure, and that’s what Authlogic’s abstract adapter follows. So if your controller follows the rack standards, you don’t need to do anything.