What is the OmniAuth & email-password registration best practice?

What is the best practice for combining Facebook login (let's say I'll use Omniauth gem) and email+password login?

I saw a few blogs, saw the Railscasts, I know everyone is using Devise gem with Omniauth. But I'm looking for some different perspective.

Subquestions:

I'm considering creating email+password sign-up from scratch (not using any gem for this, let's keep it fast and light), so do you have any advice for this? Or if you have a particular gem in mind, please let it be fast.

And do you have any other recommendations for OAuth2 gems (alternatives to Omniauth) handling authentication to Facebook?

I'm sorry I'm asking these fundamental questions here, but I didn't find many answers (and most of the ones I found are based on Devise).

equivalent8 asked Jan 19 '23 20:01


1 Answer

This is how I've seen it done in most examples on the web:

auth_with_devise_and_ominauth

Basically, when you sign up with email+password, you are creating a row directly in the User model (not touching the Authent. model), and when signing up with Omniauth, you are creating a new authentication that communicates with the User model.

And basically on the next login you are doing something like this:

 if (user.password == 'xxx')
    login
 elsif user.authentication.uid == 'xxx'
    login
 else
    'hello signup !'
 end

So you are switching between 2 models, and raping (sorry for the term) the User model, which should hold only user info.

The solution, in a way, I think is correct (from my experience and discussions with my colleagues but I'm still not 100% sure this is the right answer)

As you see, even the user+password is going through the Authent. model, which means the site user+password is acting as a provider on its own.

So to be absolutely correct it should look like this:

  • Scenario 1, signing up with FB: you save the FB uid and authKey to the authentication table, then create the user.

  • Scenario 2, signing up with password: you create a new row in the AppPass table, then you create a row in the Authentication table (as an access to a provider which is actually your app), and then you create the user.

Why?

Because now, when the user logs in, they are always going through the Authent. model, not making a condition between 2 models (the Authent. and the User model).

now can anyone please tell me, ...is this a good approach :D ?

equivalent8 answered Jan 31 '23 11:01
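
The single login path described in the answer above, as an added Ruby example that is not part of the original post: in-memory structs stand in for the User, Authentication and AppPass tables, and the `AuthStore` class and its method names are hypothetical. It assumes the Facebook uid was already verified by the OAuth callback, and it stores the password as a salted PBKDF2 digest instead of comparing plaintext.

```ruby
require "openssl"
require "securerandom"
# In-memory stand-ins (constructed for this example) for the three tables.
User           = Struct.new(:id, :email)
Authentication = Struct.new(:provider, :uid, :user_id)
AppPass        = Struct.new(:email, :salt, :digest)

class AuthStore # hypothetical name, not from the post
  ITERATIONS = 200_000 # assumed PBKDF2 work factor
  def initialize
    @users, @auths, @passes = {}, {}, {}
  end

  # Scenario 1: the uid is assumed to come from an already verified OAuth callback.
  def signup_facebook(fb_uid, email)
    link("facebook", fb_uid, email)
  end

  # Scenario 2: the app is its own provider; only a salted digest is stored.
  def signup_password(email, password)
    salt = SecureRandom.random_bytes(16)
    link("app", email, email).tap { @passes[email] = AppPass.new(email, salt, kdf(password, salt)) }
  end

  # Every login resolves through Authentication; "app" also requires the password.
  def login(provider, uid, password: nil)
    return nil if provider == "app" && !password_ok?(uid, password)
    auth = @auths[[provider, uid]]
    auth && @users[auth.user_id]
  end

  private
  def link(provider, uid, email)
    raise ArgumentError, "identity already registered" if @auths.key?([provider, uid])
    user = User.new(@users.size + 1, email)
    @users[user.id] = user
    @auths[[provider, uid]] = Authentication.new(provider, uid, user.id)
    user
  end

  def kdf(password, salt)
    OpenSSL::PKCS5.pbkdf2_hmac(password, salt, ITERATIONS, 32, OpenSSL::Digest.new("SHA256"))
  end

  def password_ok?(email, password) # compares digests without an early exit
    row = @passes[email]
    return false unless row && password
    kdf(password, row.salt).bytes.zip(row.digest.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end
```

The `(provider, uid)` pair is the lookup key, so a Facebook uid that happens to equal a registered email never resolves to the password account.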