omniauth / omniauth-oauth Goto Github PK

A generic OAuth strategy for OmniAuth.

License: MIT License

Ruby 100.00%

omniauth-oauth's Introduction

OmniAuth: Standardized Multi-Provider Authentication

This is the documentation for the in-development branch of OmniAuth. You can find the documentation for the latest stable release here

An Introduction

OmniAuth is a library that standardizes multi-provider authentication for web applications. It was created to be powerful, flexible, and do as little as possible. Any developer can create strategies for OmniAuth that can authenticate users via disparate systems. OmniAuth strategies have been created for everything from Facebook to LDAP.

In order to use OmniAuth in your applications, you will need to leverage one or more strategies. These strategies are generally released individually as RubyGems, and you can see a community maintained list on the wiki for this project.

One strategy, called Developer, is included with OmniAuth and provides a completely insecure, non-production-usable strategy that directly prompts a user for authentication information and then passes it straight through. You can use it as a placeholder when you start development and easily swap in other strategies later.

Getting Started

Each OmniAuth strategy is a Rack Middleware. That means that you can use it the same way that you use any other Rack middleware. For example, to use the built-in Developer strategy in a Sinatra application you might do this:

require 'sinatra'
require 'omniauth'

class MyApplication < Sinatra::Base
  use Rack::Session::Cookie
  use OmniAuth::Strategies::Developer
end

Because OmniAuth is built for multi-provider authentication, you may want to leave room to run multiple strategies. For this, the built-in OmniAuth::Builder class gives you an easy way to specify multiple strategies. Note that there is no difference between the following code and using each strategy individually as middleware. This is an example that you might put into a Rails initializer at config/initializers/omniauth.rb:

Rails.application.config.middleware.use OmniAuth::Builder do
  provider :developer unless Rails.env.production?
  provider :twitter, ENV['TWITTER_KEY'], ENV['TWITTER_SECRET']
end

You should look to the documentation for each provider you use for specific initialization requirements.

Integrating OmniAuth Into Your Application

OmniAuth is an extremely low-touch library. It is designed to be a black box that you can send your application's users into when you need authentication and then get information back. OmniAuth was intentionally built not to automatically associate with a User model or make assumptions about how many authentication methods you might want to use or what you might want to do with the data once a user has authenticated. This makes OmniAuth incredibly flexible. To use OmniAuth, you need only to redirect users to /auth/:provider, where :provider is the name of the strategy (for example, developer or twitter). From there, OmniAuth will take over and take the user through the necessary steps to authenticate them with the chosen strategy.

Once the user has authenticated, what do you do next? OmniAuth simply sets a special hash called the Authentication Hash on the Rack environment of a request to /auth/:provider/callback. This hash contains as much information about the user as OmniAuth was able to glean from the utilized strategy. You should set up an endpoint in your application that matches to the callback URL and then performs whatever steps are necessary for your application.

The omniauth.auth key in the environment hash provides an Authentication Hash which will contain information about the just authenticated user including a unique id, the strategy they just used for authentication, and personal details such as name and email address as available. For an in-depth description of what the authentication hash might contain, see the Auth Hash Schema wiki page.

Note that OmniAuth does not perform any actions beyond setting some environment information on the callback request. It is entirely up to you how you want to implement the particulars of your application's authentication flow.

rack_csrf

omniauth is not OOTB-compatible with rack_csrf. In order to do so, the following code needs to be added to the application bootstrapping code:

OmniAuth::AuthenticityTokenProtection.default_options(key: "csrf.token", authenticity_param: "_csrf")

Rails (without Devise)

To get started, add the following gems

Gemfile:

gem 'omniauth'
gem "omniauth-rails_csrf_protection"

Then insert OmniAuth as a middleware

config/initializers/omniauth.rb:

Rails.application.config.middleware.use OmniAuth::Builder do
  provider :developer if Rails.env.development?
end

Additional providers can be added here in the future. Next we wire it all up using routes, a controller and a login view.

config/routes.rb:

  get 'auth/:provider/callback', to: 'sessions#create'
  get '/login', to: 'sessions#new'

app/controllers/sessions_controller.rb:

class SessionsController < ApplicationController
  def new
    render :new
  end

  def create
    user_info = request.env['omniauth.auth']
    raise user_info # Your own session management should be placed here.
  end
end

app/views/sessions/new.html.erb:

<%= form_tag('/auth/developer', method: 'post', data: {turbo: false}) do %>
  <button type='submit'>Login with Developer</button>
<% end %>

Now if you visit /login and click the Login button, you should see the OmniAuth developer login screen. After submitting it, you are returned to your application at Sessions#create. The raise should now display all the Omniauth details you have available to integrate it into your own user management.

If you want out of the box usermanagement, you should consider using Omniauth through Devise. Please visit the Devise Github page for more information.

Rails API

The following middleware are (by default) included for session management in Rails applications. When using OmniAuth with a Rails API, you'll need to add one of these required middleware back in:

ActionDispatch::Session::CacheStore
ActionDispatch::Session::CookieStore
ActionDispatch::Session::MemCacheStore

The trick to adding these back in is that, by default, they are passed session_options when added (including the session key), so you can't just add a session_store.rb initializer, add use ActionDispatch::Session::CookieStore and have sessions functioning as normal.

To be clear: sessions may work, but your session options will be ignored (i.e. the session key will default to _session_id). Instead of the initializer, you'll have to set the relevant options somewhere before your middleware is built (like application.rb) and pass them to your preferred middleware, like this:

application.rb:

config.session_store :cookie_store, key: '_interslice_session'
config.middleware.use ActionDispatch::Cookies # Required for all session management
config.middleware.use ActionDispatch::Session::CookieStore, config.session_options

(Thanks @mltsy)

Logging

OmniAuth supports a configurable logger. By default, OmniAuth will log to STDOUT but you can configure this using OmniAuth.config.logger:

# Rails application example
OmniAuth.config.logger = Rails.logger

Origin Param

The origin url parameter is typically used to inform where a user came from and where, should you choose to use it, they'd want to return to. Omniauth supports the following settings which can be configured on a provider level:

Default:

provider :twitter, ENV['KEY'], ENV['SECRET']
POST /auth/twitter/?origin=[URL]
# If the `origin` parameter is blank, `omniauth.origin` is set to HTTP_REFERER

Using a differently named origin parameter:

provider :twitter, ENV['KEY'], ENV['SECRET'], origin_param: 'return_to'
POST /auth/twitter/?return_to=[URL]
# If the `return_to` parameter is blank, `omniauth.origin` is set to HTTP_REFERER

Disabled:

provider :twitter, ENV['KEY'], ENV['SECRET'], origin_param: false
POST /auth/twitter
# This means the origin should be handled by your own application. 
# Note that `omniauth.origin` will always be blank.

Resources

The OmniAuth Wiki has actively maintained in-depth documentation for OmniAuth. It should be your first stop if you are wondering about a more in-depth look at OmniAuth, how it works, and how to use it.

OmniAuth for Enterprise

Available as part of the Tidelift Subscription.

The maintainers of OmniAuth and thousands of other packages are working with Tidelift to deliver commercial support and maintenance for the open source packages you use to build your applications. Save time, reduce risk, and improve code health, while paying the maintainers of the exact packages you use. Learn more.

Supported Ruby Versions

OmniAuth is tested under 2.5, 2.6, 2.7, 3.0, 3.1, 3.2, truffleruby, and JRuby.

Versioning

This library aims to adhere to Semantic Versioning 2.0.0. Violations of this scheme should be reported as bugs. Specifically, if a minor or patch version is released that breaks backward compatibility, that version should be immediately yanked and/or a new version should be immediately released that restores compatibility. Breaking changes to the public API will only be introduced with new major versions. As a result of this policy, you can (and should) specify a dependency on this gem using the Pessimistic Version Constraint with two digits of precision. For example:

spec.add_dependency 'omniauth', '~> 1.0'

License

omniauth-oauth's People

Contributors

Stargazers

Watchers

omniauth-oauth's Issues

one test is failing - OmniAuth::Strategies::OAuth /auth/{name} successful should pass request_params to get_request_token

pravi@savannah:/media/forge/debian/diaspora/ruby-omniauth-oauth-1.0.1$ ~/.multiruby/install/v1_9_3_194/bin/ruby -S bundle install
fatal: Not a git repository (or any parent up to mount point /media/forge)
Stopping at filesystem boundary (GIT_DISCOVERY_ACROSS_FILESYSTEM not set).
fatal: Not a git repository (or any parent up to mount point /media/forge)
Stopping at filesystem boundary (GIT_DISCOVERY_ACROSS_FILESYSTEM not set).
fatal: Not a git repository (or any parent up to mount point /media/forge)
Stopping at filesystem boundary (GIT_DISCOVERY_ACROSS_FILESYSTEM not set).
/home/pravi/.multiruby/install/v1_9_3_194/lib/ruby/1.9.1/yaml.rb:56:in `<top (required)>':
It seems your ruby installation is missing psych (for YAML output).
To eliminate this warning, please install libyaml and reinstall your ruby.
Fetching source index from http://rubygems.org/
Resolving dependencies...............
Using addressable (2.3.4) 
Using bundler (1.3.5) 
Using coderay (1.0.9) 
Using crack (0.3.2) 
Using diff-lcs (1.2.4) 
Using ffi (1.8.1) 
Using formatador (0.2.4) 
Installing growl (1.0.3) 
Using rb-fsevent (0.9.3) 
Using rb-inotify (0.9.0) 
Using rb-kqueue (0.2.0) 
Using listen (1.1.3) 
Using lumberjack (1.0.3) 
Using method_source (0.8.1) 
Using slop (3.4.5) 
Using pry (0.9.12.2) 
Using thor (0.18.1) 
Using guard (1.8.0) 
Installing guard-bundler (1.0.0) 
Using rspec-core (2.13.1) 
Using rspec-expectations (2.13.0) 
Using rspec-mocks (2.13.1) 
Using rspec (2.13.0) 
Using guard-rspec (3.0.0) 
Using hashie (2.0.5) 
Installing multi_json (1.7.3) 
Installing oauth (0.4.7) 
Using rack (1.5.2) 
Using omniauth (1.1.4) 
Using omniauth-oauth (1.0.1) from source at /media/forge/debian/diaspora/ruby-omniauth-oauth-1.0.1 
Using rack-test (0.6.2) 
Installing simplecov-html (0.7.1) 
Installing simplecov (0.7.1) 
Using webmock (1.11.0) 
Your bundle is complete!
Use `bundle show [gemname]` to see where a bundled gem is installed.
pravi@savannah:/media/forge/debian/diaspora/ruby-omniauth-oauth-1.0.1$ ~/.multiruby/install/v1_9_3_194/bin/ruby -S rspec
/home/pravi/.multiruby/install/v1_9_3_194/lib/ruby/1.9.1/yaml.rb:56:in `<top (required)>':
It seems your ruby installation is missing psych (for YAML output).
To eliminate this warning, please install libyaml and reinstall your ruby.
.I, [2013-05-26T20:11:56.895442 #32102]  INFO -- omniauth: (example.org) Request phase initiated.
.I, [2013-05-26T20:11:56.915921 #32102]  INFO -- omniauth: (example.org) Request phase initiated.
I, [2013-05-26T20:11:56.919240 #32102]  INFO -- omniauth: (example.org_with_authorize_params) Request phase initiated.
.I, [2013-05-26T20:11:56.922659 #32102]  INFO -- omniauth: (example.org) Request phase initiated.
.I, [2013-05-26T20:11:56.926342 #32102]  INFO -- omniauth: (example.org) Request phase initiated.
I, [2013-05-26T20:11:56.950960 #32102]  INFO -- omniauth: (example.org_with_request_params) Request phase initiated.
FI, [2013-05-26T20:11:56.956061 #32102]  INFO -- omniauth: (example.org) Request phase initiated.
E, [2013-05-26T20:11:56.958493 #32102] ERROR -- omniauth: (example.org) Authentication failure! service_unavailable: Net::HTTPFatalError, 502 "Bad Gateway"
.I, [2013-05-26T20:11:56.961315 #32102]  INFO -- omniauth: (example.org) Request phase initiated.
E, [2013-05-26T20:11:56.963704 #32102] ERROR -- omniauth: (example.org) Authentication failure! service_unavailable: Net::HTTPFatalError, 502 "Bad Gateway"
I, [2013-05-26T20:11:56.964550 #32102]  INFO -- omniauth: (example.org) Request phase initiated.
E, [2013-05-26T20:11:56.966829 #32102] ERROR -- omniauth: (example.org) Authentication failure! service_unavailable: OpenSSL::SSL::SSLError, SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
.I, [2013-05-26T20:11:56.968798 #32102]  INFO -- omniauth: (example.org) Callback phase initiated.
.I, [2013-05-26T20:11:56.973010 #32102]  INFO -- omniauth: (example.org) Callback phase initiated.
.I, [2013-05-26T20:11:56.977238 #32102]  INFO -- omniauth: (example.org) Callback phase initiated.
I, [2013-05-26T20:11:56.980529 #32102]  INFO -- omniauth: (example.org) Callback phase initiated.
E, [2013-05-26T20:11:56.982720 #32102] ERROR -- omniauth: (example.org) Authentication failure! service_unavailable: Net::HTTPFatalError, 502 "Bad Gateway"
.I, [2013-05-26T20:11:56.984091 #32102]  INFO -- omniauth: (example.org) Callback phase initiated.
I, [2013-05-26T20:11:56.987291 #32102]  INFO -- omniauth: (example.org) Callback phase initiated.
E, [2013-05-26T20:11:56.989545 #32102] ERROR -- omniauth: (example.org) Authentication failure! service_unavailable: OpenSSL::SSL::SSLError, SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
.I, [2013-05-26T20:11:56.990947 #32102]  INFO -- omniauth: (example.org) Callback phase initiated.
E, [2013-05-26T20:11:56.991125 #32102] ERROR -- omniauth: (example.org) Authentication failure! session_expired: OmniAuth::NoSessionError, Session Expired
.

Failures:

  1) OmniAuth::Strategies::OAuth /auth/{name} successful should pass request_params to get_request_token
     Failure/Error: WebMock.should have_requested(:post, 'https://api.example.org/oauth/request_token').
       The request POST https://api.example.org/oauth/request_token with given block was expected to execute 1 time but it executed 0 times                                                                                                 

       The following requests were made:

       POST https://api.example.org/oauth/request_token with headers {'Accept'=>'*/*', 'Authorization'=>'OAuth oauth_callback="http%3A%2F%2Fexample.org%2Fauth%2Fexample.org%2Fcallback", oauth_consumer_key="abc", oauth_nonce="AKviGgd4tH80peRV7F87maMyEhqggKuhEiM7DnxQ2T8", oauth_signature="cAJqZaTGW%2BptYMt%2FmNh1CkOhz2Y%3D", oauth_signature_method="HMAC-SHA1", oauth_timestamp="1369579316", oauth_version="1.0"', 'Content-Length'=>'0', 'Content-Type'=>'application/x-www-form-urlencoded', 'User-Agent'=>'OAuth gem v0.4.7'} was made 1 time
       POST https://api.example.org/oauth/request_token with body 'scope=http%3A%2F%2Ffoobar.example.org' with headers {'Accept'=>'*/*', 'Authorization'=>'OAuth oauth_callback="http%3A%2F%2Fexample.org%2Fauth%2Fexample.org_with_request_params%2Fcallback", oauth_consumer_key="abc", oauth_nonce="tEhMZWy67br7zU7gxqj1xfjbSTER9nqxECfrALeJ8hg", oauth_signature="V0VeZVBOPrIoEodC5fGo0Csqelg%3D", oauth_signature_method="HMAC-SHA1", oauth_timestamp="1369579316", oauth_version="1.0"', 'Content-Length'=>'0', 'Content-Type'=>'application/x-www-form-urlencoded', 'User-Agent'=>'OAuth gem v0.4.7'} was made 1 time

       ============================================================
     # ./spec/omniauth/strategies/oauth_spec.rb:60:in `block (4 levels) in <top (required)>'

Finished in 0.15991 seconds
12 examples, 1 failure

Failed examples:

rspec ./spec/omniauth/strategies/oauth_spec.rb:58 # OmniAuth::Strategies::OAuth /auth/{name} successful should pass request_params to get_request_token

Should subclasses be added to Strategies?

OmniAuth.strategies should (I think?) include a list of all available strategies. However, descendants of OmniAuth::Strategies::OAuth aren't included because `OmniAuth::Strategy:: only is called for the first class including it, not its descendants.

OmniAuth::Strategies::OAuth2 has a fix, I'm wondering if this should apply here as well?

undefined method `delete' for nil:NilClass

I am getting an occasional issue (3 occurrences in about 500 attempts) when users try to authenticate with Twitter. I am trying to fix the issue but I am not yet knowledgable enough on the internal workings of OmniAuth and figured someone else may be able to fix it faster. Here is the stack trace, url params, and session info of one of the failed requests:

Stack Trace:
NilClass# (NoMethodError) "undefined method delete' for nil:NilClass" /app/vendor/bundle/ruby/1.9.1/gems/omniauth-oauth-1.0.1/lib/omniauth/strategies/oauth.rb:48:incallback_phase'
/app/vendor/bundle/ruby/1.9.1/gems/omniauth-1.1.0/lib/omniauth/strategy.rb:219:in callback_call' /app/vendor/bundle/ruby/1.9.1/gems/omniauth-1.1.0/lib/omniauth/strategy.rb:175:incall!'
/app/vendor/bundle/ruby/1.9.1/gems/omniauth-1.1.0/lib/omniauth/strategy.rb:157:in call' /app/vendor/bundle/ruby/1.9.1/gems/omniauth-1.1.0/lib/omniauth/strategy.rb:177:incall!'
/app/vendor/bundle/ruby/1.9.1/gems/omniauth-1.1.0/lib/omniauth/strategy.rb:157:in call' /app/vendor/bundle/ruby/1.9.1/gems/omniauth-1.1.0/lib/omniauth/builder.rb:48:incall'
/app/vendor/bundle/ruby/1.9.1/gems/exceptional-2.0.32/lib/exceptional/integration/rack_rails.rb:13:in call' /app/vendor/bundle/ruby/1.9.1/gems/actionpack-3.2.3/lib/action_dispatch/middleware/best_standards_support.rb:17:incall'
/app/vendor/bundle/ruby/1.9.1/gems/rack-1.4.1/lib/rack/etag.rb:23:in call' /app/vendor/bundle/ruby/1.9.1/gems/rack-1.4.1/lib/rack/conditionalget.rb:25:incall'
/app/vendor/bundle/ruby/1.9.1/gems/actionpack-3.2.3/lib/action_dispatch/middleware/head.rb:14:in call' /app/vendor/bundle/ruby/1.9.1/gems/actionpack-3.2.3/lib/action_dispatch/middleware/params_parser.rb:21:incall'
/app/vendor/bundle/ruby/1.9.1/gems/actionpack-3.2.3/lib/action_dispatch/middleware/flash.rb:242:in call' /app/vendor/bundle/ruby/1.9.1/gems/rack-1.4.1/lib/rack/session/abstract/id.rb:205:incontext'
/app/vendor/bundle/ruby/1.9.1/gems/rack-1.4.1/lib/rack/session/abstract/id.rb:200:in call' /app/vendor/bundle/ruby/1.9.1/gems/actionpack-3.2.3/lib/action_dispatch/middleware/cookies.rb:338:incall'
/app/vendor/bundle/ruby/1.9.1/gems/actionpack-3.2.3/lib/action_dispatch/middleware/callbacks.rb:28:in block in call' /app/vendor/bundle/ruby/1.9.1/gems/activesupport-3.2.3/lib/active_support/callbacks.rb:405:in_run__622710885669741672__call__2802837077016637006__callbacks'
/app/vendor/bundle/ruby/1.9.1/gems/activesupport-3.2.3/lib/active_support/callbacks.rb:405:in __run_callback' /app/vendor/bundle/ruby/1.9.1/gems/activesupport-3.2.3/lib/active_support/callbacks.rb:385:in_run_call_callbacks'
/app/vendor/bundle/ruby/1.9.1/gems/activesupport-3.2.3/lib/active_support/callbacks.rb:81:in run_callbacks' /app/vendor/bundle/ruby/1.9.1/gems/actionpack-3.2.3/lib/action_dispatch/middleware/callbacks.rb:27:incall'
/app/vendor/bundle/ruby/1.9.1/gems/actionpack-3.2.3/lib/action_dispatch/middleware/remote_ip.rb:31:in call' /app/vendor/bundle/ruby/1.9.1/gems/actionpack-3.2.3/lib/action_dispatch/middleware/debug_exceptions.rb:16:incall'
/app/vendor/bundle/ruby/1.9.1/gems/actionpack-3.2.3/lib/action_dispatch/middleware/show_exceptions.rb:56:in call' /app/vendor/bundle/ruby/1.9.1/gems/railties-3.2.3/lib/rails/rack/logger.rb:26:incall_app'
/app/vendor/bundle/ruby/1.9.1/gems/railties-3.2.3/lib/rails/rack/logger.rb:16:in call' /app/vendor/bundle/ruby/1.9.1/gems/actionpack-3.2.3/lib/action_dispatch/middleware/request_id.rb:22:incall'
/app/vendor/bundle/ruby/1.9.1/gems/rack-1.4.1/lib/rack/methodoverride.rb:21:in call' /app/vendor/bundle/ruby/1.9.1/gems/rack-1.4.1/lib/rack/runtime.rb:17:incall'
/app/vendor/bundle/ruby/1.9.1/gems/activesupport-3.2.3/lib/active_support/cache/strategy/local_cache.rb:72:in call' /app/vendor/bundle/ruby/1.9.1/gems/rack-1.4.1/lib/rack/lock.rb:15:incall'
/app/vendor/bundle/ruby/1.9.1/gems/actionpack-3.2.3/lib/action_dispatch/middleware/static.rb:62:in call' /app/vendor/bundle/ruby/1.9.1/gems/rack-cache-1.2/lib/rack/cache/context.rb:136:inforward'
/app/vendor/bundle/ruby/1.9.1/gems/rack-cache-1.2/lib/rack/cache/context.rb:245:in fetch' /app/vendor/bundle/ruby/1.9.1/gems/rack-cache-1.2/lib/rack/cache/context.rb:185:inlookup'
/app/vendor/bundle/ruby/1.9.1/gems/rack-cache-1.2/lib/rack/cache/context.rb:66:in call!' /app/vendor/bundle/ruby/1.9.1/gems/rack-cache-1.2/lib/rack/cache/context.rb:51:incall'
/app/vendor/bundle/ruby/1.9.1/gems/railties-3.2.3/lib/rails/engine.rb:479:in call' /app/vendor/bundle/ruby/1.9.1/gems/railties-3.2.3/lib/rails/application.rb:220:incall'
/app/vendor/bundle/ruby/1.9.1/gems/rack-1.4.1/lib/rack/content_length.rb:14:in call' /app/vendor/bundle/ruby/1.9.1/gems/railties-3.2.3/lib/rails/rack/log_tailer.rb:14:incall'
/app/vendor/bundle/ruby/1.9.1/gems/thin-1.3.1/lib/thin/connection.rb:80:in block in pre_process' /app/vendor/bundle/ruby/1.9.1/gems/thin-1.3.1/lib/thin/connection.rb:78:incatch'
/app/vendor/bundle/ruby/1.9.1/gems/thin-1.3.1/lib/thin/connection.rb:78:in pre_process' /app/vendor/bundle/ruby/1.9.1/gems/thin-1.3.1/lib/thin/connection.rb:53:inprocess'
/app/vendor/bundle/ruby/1.9.1/gems/thin-1.3.1/lib/thin/connection.rb:38:in receive_data' /app/vendor/bundle/ruby/1.9.1/gems/eventmachine-0.12.10/lib/eventmachine.rb:256:inrun_machine'
/app/vendor/bundle/ruby/1.9.1/gems/eventmachine-0.12.10/lib/eventmachine.rb:256:in run' /app/vendor/bundle/ruby/1.9.1/gems/thin-1.3.1/lib/thin/backends/base.rb:61:instart'
/app/vendor/bundle/ruby/1.9.1/gems/thin-1.3.1/lib/thin/server.rb:159:in start' /app/vendor/bundle/ruby/1.9.1/gems/rack-1.4.1/lib/rack/handler/thin.rb:13:inrun'
/app/vendor/bundle/ruby/1.9.1/gems/rack-1.4.1/lib/rack/server.rb:265:in start' /app/vendor/bundle/ruby/1.9.1/gems/railties-3.2.3/lib/rails/commands/server.rb:70:instart'
/app/vendor/bundle/ruby/1.9.1/gems/railties-3.2.3/lib/rails/commands.rb:55:in block in <top (required)>' /app/vendor/bundle/ruby/1.9.1/gems/railties-3.2.3/lib/rails/commands.rb:50:intap'
/app/vendor/bundle/ruby/1.9.1/gems/railties-3.2.3/lib/rails/commands.rb:50:in `<top (required)>'

URL Params:
{ "oauth_token" : "DkjTqzDRtHpgjhqkloVLo8I6MeikM3lgadO3Bd5W54", "oauth_verifier" : "ytZE5xpofiduRcnTvDwuRvKZNT4eG9WqbS2tcZ9qw8", }

Relevant Session Info:
"oauth" : { "linkedin" : { "callback_confirmed" : "true"} }

Dynamically Setting authorize_params?

Is there any way to pass in authorize_params outside of the main configuration?

What I am trying to do is optionally use Twitter's force_login and screen_name parameters.

See: https://dev.twitter.com/docs/api/1/get/oauth/authenticate

Force_login isn't that big of a deal if it is always set to false, however, screen_name is only valuable if it can be defined else where and passed in.

It looks like I could hack it into request_token, but I get the feeling I am missing something obvious to make this work a bit cleaner.

Thanks,
Scott

Session become empty when using sinatra app

Found something which needs to be looked.

Example: A sinatra app with having :session, true as a configuration.

this will reset session as {} and an error raised on our callback_phase method where we are checking raise OmniAuth::NoSessionError.new("Session Expired") if session['oauth'].nil?

Any idea??

Without session config in sinatra it contains

{"oauth"=>{"twitter"=>{"callback_confirmed"=>true, "request_token"=>"some token", "request_secret"=>"some secret"}}}

related issue here arunagw/omniauth-twitter#42