
Strategy to authenticate with Cronofy via OAuth2 in OmniAuth.
Contains strategies for both End User authorization and Service Account authorization.
Get your API access at: https://www.cronofy.com/developers
Add this line to your application's Gemfile:
gem 'omniauth-cronofy'
And then execute:
$ bundle
Or install it yourself as:
$ gem install omniauth-cronofy
Here's an example for adding the middleware to a Rails app in config/initializers/omniauth.rb:
    Rails.application.config.middleware.use OmniAuth::Builder do
      provider :cronofy, ENV["CRONOFY_CLIENT_ID"], ENV["CRONOFY_CLIENT_SECRET"], {
        scope: "read_account list_calendars create_event"
      }
    end
Then to auth with Cronofy you would navigate to /auth/cronofy.
Cronofy supports explicit linking of calendar accounts by passing a link_token to the auth flow. This strategy accepts that token as a query string parameter on the auth redirect.
/auth/cronofy?link_token=hga672376....
Cronofy supports preventing profiles from being linked by passing an avoid_linking param with the value true to the auth flow.
/auth/cronofy?avoid_linking=true
Cronofy allows the pre-selection of a calendar provider in the auth flow using the provider_name param with one of the documented values.
/auth/cronofy?provider_name=office365
Configurable options
scope: A space-separated list of permissions you want to request for the end-user. See the API Authorization documentation for a full list of available permissions.
    {
      :provider => "cronofy",
      :uid => "acc_382374827234",
      :info => {
        :email => "jo@company.com",
        :name => "Jo Smith"
      },
      # Secrets: store securely and keep out of logs
      :credentials => {
        :token => "token",
        :refresh_token => "another_token",
        :expires_at => 1424884727,
        :expires => true
      },
      :extra => {
        :raw_info => {
          :account_id => "acc_9324872847",
          :email => "jo@company.com",
          :name => "Jo Smith"
        }
      }
    }
Service Accounts allow you to use one set of credentials to access an entire organization's calendar service. This works with Google Apps, Office 365 and Exchange.
This can be used alongside standard end-user auth.
Typical configuration.
    Rails.application.config.middleware.use OmniAuth::Builder do
      provider :cronofy_service_account, ENV["CRONOFY_CLIENT_ID"], ENV["CRONOFY_CLIENT_SECRET"], {
        scope: "service_account/manage_accounts",
        delegated_scope: "read_account read_events create_event delete_event"
      }
    end
Then to auth with Cronofy you would navigate to /auth/cronofy_service_account.
More information in Service Accounts documentation (link to follow).
Configurable options
scope: A space-separated list of permissions you want to request for the service account. Doc link to follow.
delegated_scope: A space-separated list of permissions you wish to request on the end-user accounts controlled by the Service Account. See the API Authorization documentation for a full list of available permissions.
    {
      :provider => "cronofy_service_account",
      :uid => "ser_382374827234",
      :info => {
        :common_name => "company.com",
        :domain => "company.com"
      },
      # Secrets: store securely and keep out of logs
      :credentials => {
        :token => "token",
        :refresh_token => "another_token",
        :expires_at => 1424884727,
        :expires => true
      },
      :extra => {
        :raw_info => {
          :sub => "ser_9324872847",
          # Keys containing dots must be quoted to be valid Ruby symbols
          :"cronofy.service_account.domain" => "company.com",
          :"cronofy.type" => "service_account"
        }
      }
    }
The info element may contain different elements, domain and/or email, depending on the calendar service being integrated with. common_name is always returned.
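The two auth hashes above carry live access and refresh tokens under credentials, so an application's callback should log only a redacted copy and persist only the fields it needs. The following is an added example, not code from the omniauth-cronofy gem: redact_auth, account_record and REFRESH_MARGIN are hypothetical names, and plain symbol-keyed hashes stand in for the hash OmniAuth supplies.

```ruby
# Added example: plain symbol-keyed hashes stand in for OmniAuth's auth hash.
SECRET_KEYS = %w[token refresh_token].freeze
KNOWN_PROVIDERS = %w[cronofy cronofy_service_account].freeze
REFRESH_MARGIN = 300 # seconds before expiry at which to refresh (assumed policy)

# Returns a deep copy with credential values masked, safe to log.
def redact_auth(value, key = nil)
  case value
  when Hash then value.each_with_object({}) { |(k, v), out| out[k] = redact_auth(v, k) }
  when Array then value.map { |v| redact_auth(v) }
  else SECRET_KEYS.include?(key.to_s) ? "[REDACTED]" : value
  end
end

# Builds the non-secret record to persist from either strategy's hash.
def account_record(auth, now: Time.now)
  provider = auth.fetch(:provider)
  unless KNOWN_PROVIDERS.include?(provider)
    raise ArgumentError, "unexpected provider #{provider.inspect}"
  end
  info = auth.fetch(:info)
  creds = auth.fetch(:credentials)
  # End-user hashes carry :email; service accounts always carry :common_name.
  label = provider == "cronofy" ? info.fetch(:email) : info.fetch(:common_name)
  expires_at = creds[:expires] ? Time.at(creds.fetch(:expires_at)).utc : nil
  { provider: provider, uid: auth.fetch(:uid), label: label, expires_at: expires_at,
    needs_refresh: !expires_at.nil? && expires_at <= now + REFRESH_MARGIN }
end

# Constructed sample input, trimmed from the example hashes on this page.
CREDS = { token: "token", refresh_token: "another_token",
          expires_at: 1424884727, expires: true }.freeze
END_USER_AUTH = { provider: "cronofy", uid: "acc_382374827234",
                  info: { email: "jo@company.com", name: "Jo Smith" },
                  credentials: CREDS }.freeze
SERVICE_AUTH = { provider: "cronofy_service_account", uid: "ser_382374827234",
                 info: { common_name: "company.com", domain: "company.com" },
                 credentials: CREDS }.freeze

puts redact_auth(END_USER_AUTH).inspect
puts account_record(SERVICE_AUTH).inspect
```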
git checkout -b my-new-feature
git commit -am 'Add some feature'
git push origin my-new-feature
We found that omniauth-cronofy demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.