This gem allows you to add Google sign-in to your Rails app. You can let users sign up for and sign in to your service with their Google accounts.
Add google_sign_in
to your Rails app’s Gemfile and run bundle install
:
gem 'google_sign_in'
Google Sign-In for Rails requires Rails 5.2 or newer.
First, set up an OAuth 2.0 Client ID in the Google API Console:
-
Go to the API Console.
-
In the projects menu at the top of the page, ensure the correct project is selected or create a new one.
-
In the left-side navigation menu, choose APIs & Services → Credentials.
-
Click the button labeled “Create credentials.” In the menu that appears, choose to create an OAuth client ID.
-
When prompted to select an application type, select Web application.
-
Enter your application’s name.
-
This gem adds a single OAuth callback to your app at
/google_sign_in/callback
. Under Authorized redirect URIs, add that callback for your application’s domain: for example,https://example.com/google_sign_in/callback
.To use Google sign-in in development, you’ll need to add another redirect URI for your local environment, like
http://localhost:3000/google_sign_in/callback
. For security reasons, we recommend using a separate client ID for local development. Repeat these instructions to set up a new client ID for development. -
Click the button labeled “Create.” You’ll be presented with a client ID and client secret. Save these.
With your client ID set up, configure your Rails application to use it. Run bin/rails credentials:edit
to edit your
app’s encrypted credentials and add the following:
google_sign_in:
client_id: [Your client ID here]
client_secret: [Your client secret here]
You’re all set to use Google sign-in now. The gem automatically uses the client ID and client secret in your credentials.
Alternatively, you can provide the client ID and client secret using ENV variables. Add a new initializer that sets
config.google_sign_in.client_id
and config.google_sign_in.client_secret
:
# config/initializers/google_sign_in.rb
Rails.application.configure do
config.google_sign_in.client_id = ENV['google_sign_in_client_id']
config.google_sign_in.client_secret = ENV['google_sign_in_client_secret']
end
- (Optional) The callback route can be configured using:
# config/initializers/google_sign_in.rb
Rails.application.configure do
config.google_sign_in.root = "my_own/google_sign_in_route"
end
Which would make the callback /my_own/google_sign_in_route/callback
.
This gem provides a google_sign_in_button
helper. It generates a button which initiates Google sign-in:
<%= google_sign_in_button 'Sign in with my Google account', proceed_to: create_login_url %>
<%= google_sign_in_button image_tag('google_logo.png', alt: 'Google'), proceed_to: create_login_url %>
<%= google_sign_in_button proceed_to: create_login_url do %>
Sign in with my <%= image_tag('google_logo.png', alt: 'Google') %> account
<% end %>
The proceed_to
argument is required. After authenticating with Google, the gem redirects to proceed_to
, providing
a Google ID token in flash[:google_sign_in][:id_token]
or an OAuth authorizaton code grant error
in flash[:google_sign_in][:error]
. Your application decides what to do with it:
# config/routes.rb
Rails.application.routes.draw do
# ...
get 'login', to: 'logins#new'
get 'login/create', to: 'logins#create', as: :create_login
end
# app/controllers/logins_controller.rb
class LoginsController < ApplicationController
def new
end
def create
if user = authenticate_with_google
cookies.signed[:user_id] = user.id
redirect_to user
else
redirect_to new_session_url, alert: 'authentication_failed'
end
end
private
def authenticate_with_google
if id_token = flash[:google_sign_in][:id_token]
User.find_by google_id: GoogleSignIn::Identity.new(id_token).user_id
elsif error = flash[:google_sign_in][:error]
logger.error "Google authentication error: #{error}"
nil
end
end
end
(The above example assumes the user has already signed up for your service and that you’re storing their Google user ID
in the User#google_id
attribute.)
For security reasons, the proceed_to
URL you provide to google_sign_in_button
is required to reside on the same
origin as your application. This means it must have the same protocol, host, and port as the page where
google_sign_in_button
is used. We enforce this before redirecting to the proceed_to
URL to guard against
open redirects.
The GoogleSignIn::Identity
class decodes and verifies the integrity of a Google ID token. It exposes the profile
information contained in the token via the following instance methods:
-
name
-
email_address
-
user_id
: A string that uniquely identifies a single Google user. Use this, notemail_address
, to associate a Google user with an application user. A Google user’s email address may change, but theiruser_id
will remain constant. -
email_verified?
-
avatar_url
-
locale
-
hosted_domain
: The user’s hosted G Suite domain, provided only if they belong to a G Suite. -
given_name
: The user's given name. -
family_name
: The user's last name.
For information on our security response procedure, see SECURITY.md.
Short of patching critical security issues, this gem is now considered done, and will not see any further feature development or minor bug fixes. Feel free to fork this work under the MIT license and continue the feature development under a different name.
Google Sign-In for Rails is released under the MIT License.
Google is a registered trademark of Google LLC. This project is not operated by or in any way affiliated with Google LLC.
google_sign_in's People
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.