If there's one thing I've learnt over the last three Rails Rumbles, it's that if you ask a user to create an account on your web application, then you may as well be asking them to leave. I attribute a great part of the early success of Decaf Sucks to our use of Twitter for user authentication.
For our latest release, we added Facebook as another login provider, to help broaden our potential userbase. We used Michael Bleigh's OmniAuth, a minimal and flexible Rack-based external authentication system, for handling authentication from these different providers in a unified way. Michael just this month made the first public announcement about OmniAuth, but it's been working well for us for a quite while.
Announcing OmniSocial: a Rails 3 Engine for Twitter and Facebook Logins
One of OmniAuth's benefits is its unobtrusiveness. Once you've got an authenticated user's information from an external service, it leaves it up to you how to handle it. This is great: it means you can use the library in whatever way your app needs. However, this means there is no immediate or obvious path for integrating it into a Rails application. This is where OmniSocial can help. OmniSocial is a Rails 3 engine that uses OmniAuth to provide Twitter and Facebook logins in your application.
With OmniSocial, this is what you get:
- Out of the box Rails 3 OmniAuth configuration for Twitter and Facebook
- User and LoginAccount models that store the basic information of users from these services (login, name, picture URL)
- An AuthController with pages to help the user select a service, then find or create a User once they've logged in
- A before_filter for requiring logins to access particular controller ations
- User account helpers for your controllers and views (such as
In short, everything you need to get Twitter and Facebook logins up and running with minimal fuss.
omnisocial to your Gemfile and
bundle install. Then run
rails generate omnisocial to copy the migration and static assets into your base app directory and
rake db:migrate to create the necessary tables in your database.
Update your layout file to include the OmniSocial CSS (optional of course, but this will give you a better out of box experience):
<link rel="stylesheet" type="text/css" media="screen" href="/stylesheets/omnisocial.css"/>
config/intializers/omnisocial.rb and add your Twitter and Facebook application keys and secrets. I like to separate the configuration based on the Rails environment:
Omnisocial.setup do |config| if Rails.env.production? # Configs for live, production twitter and facebook apps config.twitter 'APP_KEY', 'APP_SECRET' config.facebook 'APP_KEY', 'APP_SECRET' elsif Rails.env.development? # Configs for testing apps config.twitter 'APP_KEY', 'APP_SECRET' config.facebook 'APP_KEY', 'APP_SECRET' end end
/auth in your app to see an informative page that lets the user select a login service. These big chunky buttons are available as helpers (
big_facebook_login_button) if you want to use them elsewhere. You can also more standard-looking login buttons via the
facebook_login_button helpers. If you want to customise this page, just create your own
After logging in, a User account will found or created and accessible through the
current_user controller method and view helper. You're up and running! These are the attributes/methods of the user that will be useful:
Once you're done, you can visit
/logout to log out of the app (or use the
logout! controller method wherever you like).
Customising the User Model
As a developer, you'll probably want to establish some associations between the User model and others in your application. To help you with this, the OmniSocial generates a
user.rb directly in your
app/models directory. This is the model that it refers to when finding or creating users based on their Twitter or Facebook logins. You can edit this model to have it do whatever your application required.
Rails Rumblers, This Can Help
This year's Rails Rumble will be the first that I miss, but hopefully OmniSocial can ensure that I'm present in spirit. For anyone working over the Rumble weekend to build an app requiring user logins, then I encourage you to give it a go. It should be quick and easy to use, and the external authentication should make it easier for people to try your application out.