
Security News
Astral Launches pyx: A Python-Native Package Registry
Astral unveils pyx, a Python-native package registry in beta, designed to speed installs, enhance security, and integrate deeply with uv.
= warden_oauth
warden_oauth enhances the Warden authentication framework, offering a simple interface for creating oauth strategies.
== Getting Started
To get started you just have to require the warden_oauth libraries, and setup the oauth services you would like to have on the Warden::Manager middleware declaration:
Warden::Manager do |config| config.failure_app = FailureApp config.oauth(:twitter) do |twitter| twitter.consumer_secret = twitter.consumer_key = twitter.options :site => 'http://twitter.com' end config.default_strategies(:twitter_oauth, :password, :other) end
== Giving an Access Token fetcher
Users get identified on a system via an access_token and an access_secret, when a valid access_token is recevied, warden_oauth calls a fetcher declared on Warden::OAuth.access_token_user_finder(:<strategy_key>).
Warden::OAuth.access_token_user_finder(:twitter) do |access_token| User.find_by_access_token_and_access_secret(access_token.token, access_token.secret) end
If a user is returned, then this is the user that is going to be authenticated in the session, otherwise the FailureApp will be called, you may check the env['warden.options'][:oauth][:access_token] to check the original access_token and create a new user from there if desired.
== Strategy Class info
When you declare an oauth strategy on the Warden::Config initialization, (e.g. config.oauth(:service_name)) a Warden::OAuth::Strategy::ServiceName will be declared, at the same time this class will be registered as :service_name_oauth on the Warden::Strategies.
So when we have a declaration like the one we have in the Getting Started section, we will have an Strategy class called Warden::OAuth::Strategy::Twitter, and this will be registered as :twitter_oauth on the Warden::Strategies.
== Running the Strategy
In order to get the strategy running in the app, you have to specify a parameter called warden_oauth_provider with the name of the oauth service you want to use. So for example, if you would like to boot the twitter oauth example given on the "Getting Started" section you just have to specify the parameter on a protected url.
In Rails:
link_to 'Twitter Authentication', url_for(login_path(:warden_oauth_provider => 'twitter'))
There can be 3 different outcomes from this strategy:
Note:
In Rails, don't set the :warden_oauth_provider parameter as part of the login route, if you do this, rails will catch the parameter, but not the warden rack middleware, ergo, it won't work as expected.
== Examples
If you want to know how to make a twitter authentication client, check examples/twitter/application.rb
== Note on Patches/Pull Requests
For any error send an email to: romanandreg [at] gmail [dot] com
== Copyright
Copyright (c) 2009 Roman Gonzalez. See LICENSE for details.
FAQs
Unknown package
We found that warden_oauth demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Astral unveils pyx, a Python-native package registry in beta, designed to speed installs, enhance security, and integrate deeply with uv.
Security News
The Latio podcast explores how static and runtime reachability help teams prioritize exploitable vulnerabilities and streamline AppSec workflows.
Security News
The latest Opengrep releases add Apex scanning, precision rule tuning, and performance gains for open source static code analysis.