Skip to content

Latest commit

 

History

History
157 lines (121 loc) · 4.81 KB

README.md

File metadata and controls

157 lines (121 loc) · 4.81 KB

Omniauth::Strategies::YourMembershipToken

This is an OmniAuth Strategy for authenticating to YourMembership implementations using token-based authentication.

Installation

Add these lines to your application's Gemfile:

gem 'omniauth'
gem 'omniauth-your-membership-token'

And then execute:

$ bundle install

Usage

OmniAuth::Strategies::YourMembershipToken is simply a Rack middleware. Read the OmniAuth docs for detailed instructions: https://github.com/intridea/omniauth.

This strategy depends on the your_membership gem. You will need to configure your YourMembership environment before you can use this strategy for authentication. Read the documentation for that gem for instructions: https://github.com/ECHOInternational/your_membership

Here's a quick example, adding the middleware to a Rails app in config/initializers/omniauth.rb:

Rails.application.config.middleware.use OmniAuth::Builder do
  provider :yourMembershipToken
end

Auth Hash

Here's an example Auth Hash available in request.env['omniauth.auth']:

{
  :provider => YourMembershipToken,
  :uid => 234235D-3234-2342252-AS432, # YourMembership API Member ID
  :extra => {
    :access_token => 453532-D234234-234234-D2132, # YourMembership Authenticated Session ID
  }
}

Interacting with the returned Session ID

request.env['omniauth.auth']['extra']['access_token'] provides the authenticated session ID as a way for the authenticated user to interact with the YourMembership API through the Ruby SDK.

Due to the fact that Rails (and most other frameworks) don't maintain object state between requests it is incumbent upon you to implement the storage and retrieval of the Session ID and an ever-incrementing call counter.

Upon authorization set the call counter to 10 or more to account for calls during authentication.

Here's an example of how to maintain a call counter in an ActiveRecord model. Your User table will need to have these fields at minimum:

  • provider
  • uid
  • remote_session_call_counter
  • remote_session
class User < ActiveRecord::Base

  # Create user if it doesn't exist (this probably isn't necessary if you're using Devise or another Auth Framework)
  def self.create_with_omniauth(auth)
    create! do |user|
      user.provider = auth['provider']
      user.uid = auth['uid']
    end
  end

  # An example API call
  def member
    # You need to increment the call_counter before every call or you'll get errors from YourMembership's API
    update_remote_session_call_counter
    YourMembership::Member.create_from_session ym_session
  end

  def ym_session
    # Cache the session object so that you aren't re-creating it with every call.
    @session ||= YourMembership::Session.new remote_session, remote_session_call_counter
  end

  def update_remote_session_call_counter
    # Make the database call_counter match that which is in the session object
    update(remote_session_call_counter: ym_session.call_id)
  end

  def abandon_remote_session
    begin
      update_remote_session_call_counter
      ym_session.abandon
    rescue YourMembership::Error => e
      logger.info "YourMembership returned error #{e.error_code}: #{e.error_description}"
    ensure
      update(remote_session: nil)
      update(remote_session_call_counter: 200)
      save
    end
  end
end

And you would want to do something like this in your session controller:

class SessionsController < ApplicationController
  # This will save you a headache when using remote authentication
  skip_before_filter :verify_authenticity_token, :only => :create
  
  # This is the standard way to access an OmniAuth strategy, this may change for your framework of choice.
  def new
    redirect_to '/auth/yourmembershiptoken'
  end

  def create
    auth = request.env["omniauth.auth"]
    user = User.where(:provider => auth['provider'],
                      :uid => auth['uid'].to_s).first || User.create_with_omniauth(auth)

    #Remember the current session so you can access it later
    user.remote_session = auth['extra']['access_token']
    user.remote_session_call_counter = 300
    user.save

    reset_session
    session[:user_id] = user.id
    redirect_to root_url, :notice => 'Signed in!'
  end

  def destroy
    current_user.abandon_remote_session
    reset_session
    redirect_to root_url, :notice => 'Signed out!'
  end

  def failure
    redirect_to root_url, :alert => "Authentication error: #{params[:message].humanize}"
  end

end

Session Expiration

You'll need to watch out for sessions expiring. An easy way to recover from an expired session is to write a rescue_from method in your application.rb

Here's an example:

rescue_from YourMembership::Error do | error |
  case error.error_code
  when '202'
    reset_session
    redirect_to root_url, :notice => 'Your Session Timed Out.'
  else
    raise error
  end
end