Ruby on Rails Facebook and Twitter Authentication using Omniauth-oauth2

In this article, we'll create an app with Facebook and Twitter Authentication using Omniauth-oauth2. We'll need to install redis, memcached, and postgres in the process. We starts with Rails 4.1 Starter Kit instead of starting from scratch.

At the end of this tutorial, I'll have my version of starter kit called Rains4-PyGoogle. The new source will be placed at Rails4-PyGoogle.git.

Got Rails 4.1 Starter Kit from GitHub.

$ git clone https://github.com/starterkits/rails4-starterkit.git
$ cd rails4-starterkit

Then, I copied everything over to my project directory:

$ cp -r * ~/PyGoogle

Next thing is to choose between Bootstrap 3 vs Foundation 5 for the front-end framework. Have a look at the difference between the two: Bootstrap 3 vs. Foundation 5: Which Front-end Framework Should You Use?.

I chose Bootstrap 3.

Install packages using bundle command:

$ bundle install

Here is the file structure for our app:

Install memcached:

$ sudo apt-get install mysql-server php5-mysql php5 php5-memcached memcached

Run it:

$ sudo service memcached restart

Install redis:

$ wget http://download.redis.io/redis-stable.tar.gz
$ tar xvzf redis-stable.tar.gz
$ cd redis-stable
$ make

1. redis-server is the Redis Server itself.
2. redis-sentinel is the Redis Sentinel executable (monitoring and failover).
3. redis-cli is the command line interface utility to talk with Redis.
4. redis-benchmark is used to check Redis performances.
5. redis-check-aof and redis-check-dump are useful in the rare event of corrupted data files.

Run radis:

k@laptop:~/redis-stable$ ./src/redis-server redis.conf 
3436:M 17 Jan 15:48:10.354 # You requested maxclients of 10000 requiring at least 10032 max file descriptors.
3436:M 17 Jan 15:48:10.355 # Redis can't set maximum open files to 10032 because of OS error: Operation not permitted.
3436:M 17 Jan 15:48:10.355 # Current maximum open files is 4096. maxclients has been reduced to 4064 to compensate for low ulimit. If you need higher maxclients increase 'ulimit -n'.
                _._                                                  
           _.-``__ ''-._                                             
      _.-``    `.  `_.  ''-._           Redis 3.0.6 (00000000/0) 64 bit
  .-`` .-```.  ```\/    _.,_ ''-._                                   
 (    '      ,       .-`  | `,    )     Running in standalone mode
 |`-._`-...-` __...-.``-._|'` _.-'|     Port: 6379
 |    `-._   `._    /     _.-'    |     PID: 3436
  `-._    `-._  `-./  _.-'    _.-'                                   
 |`-._`-._    `-.__.-'    _.-'_.-'|                                  
 |    `-._`-._        _.-'_.-'    |           http://redis.io        
  `-._    `-._`-.__.-'_.-'    _.-'                                   
 |`-._`-._    `-.__.-'    _.-'_.-'|                                  
 |    `-._`-._        _.-'_.-'    |                                  
  `-._    `-._`-.__.-'_.-'    _.-'                                   
      `-._    `-.__.-'    _.-'                                       
          `-._        _.-'                                           
              `-.__.-'                    

Install postgres:

$ sudo apt-get install postgresql postgresql-contrib

We can go into the postgres shell with a user name postgres:

k@laptop:~$ sudo -i -u postgres
postgres@laptop:~$ psql
psql (9.3.9)
Type "help" for help.

postgres=# 

Let's setup the db:

$ rake db:setup

During the setup, I got postgres error:

$ rake db:setup
...
Couldn't create database for {"adapter"=>"postgresql", "encoding"=>"unicode", "database"=>"starterkit_test", "pool"=>5, "username"=>"postgres", "password"=>nil}
psql: FATAL:  Peer authentication failed for user "postgres"
rake aborted!
PG::ConnectionBad: FATAL:  Peer authentication failed for user "postgres"
...

So, following the suggestion from Getting error: Peer authentication failed for user "postgres", when trying to get pgsql working with rails, I modified /etc/postgresql/9.3/main/pg_hba.conf from peer to md5:

# local   all             postgres                                peer
local   all             postgres                                md5

Then, restart postgres:

$ sudo service postgresql restart
 * Restarting PostgreSQL 9.3 database server                                                 [ OK ]

Now, we can run rake db:setup successfully!

After running the command, we can see rake db:setup created DBs for us:

$ psql -U postgres -h localhost
psql (9.3.9)
SSL connection (cipher: DHE-RSA-AES256-GCM-SHA384, bits: 256)
Type "help" for help.

postgres=# \l
                                        List of databases
          Name          |  Owner   | Encoding |   Collate   |    Ctype    |   Access privileges   
------------------------+----------+----------+-------------+-------------+-----------------------
...
 postgres               | postgres | UTF8     | en_US.UTF-8 | en_US.UTF-8 | 
 pygoogle_development   | postgres | UTF8     | en_US.UTF-8 | en_US.UTF-8 | 
 pygoogle_test          | postgres | UTF8     | en_US.UTF-8 | en_US.UTF-8 | 
...

Just for reference, here is the list of rake db: tasks:

1. db:create Creates the database for the current RAILS_ENV environment. If RAILS_ENV is not specified it defaults to the development and test databases.
2. db:create:all Creates the database for all environments.
3. db:drop Drops the database for the current RAILS_ENV environment. If RAILS_ENV is not specified it defaults to the development and test databases.
4. db:drop:all Drops the database for all environments.
5. db:migrate Runs migrations for the current environment that have not run yet. By default it will run migrations only in the development environment.
6. db:migrate:redo Runs db:migrate:down and db:migrate:up or db:migrate:rollback and db:migrate:migrate depending on the specified migration. I usually run this after creating and running a new migration to ensure the migration is reversable.
7. db:migrate:up Runs the up for the given migration VERSION.
8. db:migrate:down Runs the down for the given migration VERSION.
9. db:migrate:status Displays the current migration status.
10. db:migrate:rollback Rolls back the last migration.
11. db:version Prints the current schema version.
12. db:forward Pushes the schema to the next version.
13. db:seed Runs the db/seeds.rb file.
14. db:schema:load Loads the schema into the current environment's database.
15. db:schema:dump Dumps the current environment's schema to db/schema.rb.
16. db:setup Runs db:schema:load and db:seed.
17. db:reset Runs db:drop and db:setup.
18. db:migrate:reset Runs db:drop, db:create and db:migrate.
19. db:test:prepare Check for pending migrations and load the test schema. (If you run rake without any arguments it will do this by default.)
20. db:test:clone Recreate the test database from the current environment's database schema.
21. db:test:clone_structure Similar to db:test:clone, but it will ensure that your test database has the same structure, including charsets and collations, as your current environment's database.

For example, we can drop the newly create DBs: pygoogle_development & pygoogle_test:

$ rake db:drop

Since we drop them, we may want to create them again to make our demo to work:

$ rake db:setup

Actually, the DBs are created by referencing to config/database.yml:

development:
  adapter: postgresql
  encoding: unicode
  database: <%= Rails.application.config.settings.app_name %>_development
...
test:
  adapter: postgresql
  encoding: unicode
  database: <%= Rails.application.config.settings.app_name %>_test
  pool: 5
  username: postgres
  password:
...

The config/application has basic configuration information, and it has some secrets that we don't want be exposed to outside, and it will not be pushed into our repo as it is. So, config/application.yml file in the repo is just for demo sample.

The config/settings.rb specifies the application.yml:

source File.expand_path('../application.yml', __FILE__)

File.expand_path first takes the second argument (__FILE__) and set it as a starting directory, and then goes one up then, uses config/application.yml.

Let's move on. Here is the file:

  social:
    facebook: 'https://www.facebook.com/KHongSanFrancisco'
    twitter: 'https://twitter.com/KHongTwit'
    google_plus: 'google.com/+KHongSanFrancisco'
    linkedin: 'www.linkedin.com/in/KHongSanFrancisco'

  contact:
    email: 'KHongSanFrancisco@gmail.com'
    phone: '777-777-7777'

  session:
    key: '_pygoogle_session'
    expire_after: <%= 30.days %>

  rack:
    # Timeout request after 20 seconds
    timeout: 20

  mail:
    layout: 'emails/email'
    from: 'KHongSanFrancisco@gmail.com'

  # Host used to determine direct requests vs CDN.
  # See RobotsController.
  CANONICAL_HOST: 'pygoogle.herokuapp.com'

  AUTH_FACEBOOK_KEY: '201539556694091'
  AUTH_FACEBOOK_SECRET: '80ae1dc93961b7f9a79265af0eeca698'
  AUTH_TWITTER_KEY: 'hbcu8JvAB1FftWw7c3oog'
  AUTH_TWITTER_SECRET: 'uTspycZ4T7QAeA9QLGBb1zoLrR6K7ChBPdYt8F7nZc'

  # Devise password encryption keys.
  # Channging the keys will invalidate user passwords,
  # forcing users to use the forgot password feature.
  # TODO: make new keys with `rake secret`
  DEVISE_SECRET_KEY: '7da7ce94b67dcb951aba685032aa7ddc17ae2551a7a11b60369eff65f1c3cc0a5525c93900b6315daf1558b973d7f5c0b6e80addd61225d6a23694a5fb8ff83e'
  DEVISE_PEPPER: 'f23254b349cb3712c8c31dbdc4bb40555b0cd2ca9de98a15821ba5c2cb7d232b352e7f992bb8345dc53a2b4091f6b9dd1531bdaf1f1ae516d698e9f870d4e69c'

  # Signed cookie encryption key.
  # TODO: make new key with `rake secret`
  SECRET_KEY_BASE: '16e628ec083d6127ca30716ac69c578ba47a900702f0d498c149b87d06eeebd1bc0be22929e16e2180cb137e9be8bc7f77dd3b9c13fbb306330bb6450cfbc051'

  # Redis server used by Sidekiq, cache, etc.
  REDIS_URL: 'redis://localhost:6379/0'

  # Airbrake/Errbit configuration
  AIRBRAKE_API_KEY: ''
  AIRBRAKE_HOST: ''

To get an 'App' Access Token from Facebook, just follow the steps below:

1. Go to developers.facebook.com and click on Log In on the top right. Log in using personal Facebook credentials.
2. Because I've already registered, I can do "Add a New App" => "Advanced"
3. "Create a New App ID"
4. Go to "Dashboard" and grab "App ID"/"App Secret"

Go to https://apps.twitter.com/app/new and create the new application.

Note: Twitter does not take localhost, so I used 0.0.0.0 instead.

Modified config/locales/en.yml: replaced StarterKit with PyGoogle.

Modified config/application.rb: replaced StarterKit with PyGoogle.

Leave Sprint as default in Gemfile. For more info: Fast Tests: Comparing Zeus With Spring on Rails 4.1 and RSpec 3.

# Use spring or zeus
gem 'spring'                  # keep application running in the background
gem 'spring-commands-rspec'
# gem 'zeus'                  # required in gemfile for guard

Running rails server will start WEBrick:

$ rails server
=> Booting WEBrick
=> Rails 4.1.6 application starting in development on http://0.0.0.0:3000
=> Run `rails server -h` for more startup options
=> Notice: server is listening on all interfaces (0.0.0.0). Consider using 127.0.0.1 (--binding option)
=> Ctrl-C to shutdown server
[2016-01-18 12:18:40] INFO  WEBrick 1.3.1
[2016-01-18 12:18:40] INFO  ruby 2.1.3 (2014-09-19) [x86_64-linux]
[2016-01-18 12:18:40] INFO  WEBrick::HTTPServer#start: pid=29044 port=3000

Remember, we used 0.0.0.0:3000 as a callback urls for Twitter and Facebook demo app credentials.

Open a browser and type in 0.0.0.0:3000:

At the click on "Sign Up", we get:

Signed in screen:

Signed out:

After signed out, from Login menu. Note the URL (http://0.0.0.0:3000/a/login):

I got the following error while I'm try to login via Facebook:

"Given URL is not allowed by the Application configuration: One or more of the given URLs is not allowed by the App's settings. It must match the Website URL or Canvas URL, or the domain must be a subdomain of one of the App's domains."

So, I had to go to the Facebook App page, "Settings" => "Advanced", and then for "Valid OAuth redirect URIs" added http://localhost:3000.

I didn't set App Domain: localhost as this post suggested.

Now, it seems to be working.

Oh well, I got another error when I tried to Facebook SignUp with a different username:

"App Not Setup: This app is still in development mode, and you don't have access to it. Switch to a registered test user or ask an app admin for permissions."

So, I added an email to "Settings -> Basic -> Contact Email":

Now it works again.

Let's move on to Twitter. In the earlier section, we put out "App ID" and "App Secter" to config/application.yml. We want to check if it works.

Ok. Now we can Sign Up via Twitter as well as Facebook!

We have an account page as well:

Social page:

Everything works fine. Our Postgres has the all the records of the user. Facebook/Twitter signup/login appears to be working perfectly.

However, it sending a confirmation/activation email doesn't seem to be working at this point. So, we needs further investigation on this issue.

By the way, we have mailer previews provided by rails 4.1. See next section.

Rails 4.1 introduced mailer previews. PyGoogle now has two ways to preview emails:

1. localhost:3000/rails/mailers – Rails 4.1 built-in method.



2. 0.0.0.0:3000/p/email?premail=true&layout;=email – PyGoogle method with query param configs.

Mail previews are only available in development by default. To make PyGoogle previews available in other environments, set the ALLOW_EMAIL_PREVIEW='1'.

To run the full test suite without guard:

$ rspec spec
................***......*.*..............................................

Pending:
  Auth flows Add auth feature specs
    # No reason given
    # ./spec/features/auth_spec.rb:15
  Authentication add some examples to (or delete) /home/k/Rails4-PyGoogle/spec/models/authentication_spec.rb
    # No reason given
    # ./spec/models/authentication_spec.rb:5
  UserMailer add some examples to (or delete) /home/k/Rails4-PyGoogle/spec/mailers/user_mailer_spec.rb
    # No reason given
    # ./spec/mailers/user_mailer_spec.rb:5
  Concerns::UserImagesConcern#image_url should check facebook, linkedin, twitter sizes
    # Not yet implemented
    # ./spec/models/concerns/user_images_concern_spec.rb:16
  Concerns::UserImagesConcern#image_url #
    # No reason given
    # ./spec/models/concerns/user_images_concern_spec.rb:16

Finished in 1 minute 2.46 seconds (files took 29.28 seconds to load)
74 examples, 0 failures, 5 pending

Top 10 slowest examples (58.55 seconds, 93.7% of total time):
  sidekiq as visitor redirects to login page
    29.14 seconds ./spec/features/admin_spec.rb:35
  rails_admin as admin displays admin dashbaord
    26.48 seconds ./spec/features/admin_spec.rb:23
  Users::SessionsController#create redirects to after login url
    0.88769 seconds ./spec/controllers/users/sessions_controller_spec.rb:8
  sidekiq as admin displays admin dashbaord
    0.79323 seconds ./spec/features/admin_spec.rb:51
  sidekiq as user redirects to user home page
    0.38741 seconds ./spec/features/admin_spec.rb:42
  User#authentications #grouped_with_oauth groups by provider and includes oauth_cache
    0.20557 seconds ./spec/models/user_spec.rb:150
  rails_admin as user redirects to user home page
    0.17974 seconds ./spec/features/admin_spec.rb:14
  User password_required? with authentication and new record is always false when new record
    0.17964 seconds ./spec/models/user_spec.rb:42
  User password_required? with authentication and persisted is false when has saved password
    0.15829 seconds ./spec/models/user_spec.rb:75
  Robots canonical host allow robots to index the site
    0.13335 seconds ./spec/features/robots_spec.rb:5

Top 10 slowest example groups:
  sidekiq
    10.11 seconds average (30.32 seconds / 3 examples) ./spec/features/admin_spec.rb:33
  rails_admin
    8.93 seconds average (26.8 seconds / 3 examples) ./spec/features/admin_spec.rb:5
  Users::SessionsController
    0.3266 seconds average (0.97981 seconds / 3 examples) ./spec/controllers/users/sessions_controller_spec.rb:3
  Robots
    0.08645 seconds average (0.1729 seconds / 2 examples) ./spec/features/robots_spec.rb:3
  User
    0.07534 seconds average (1.36 seconds / 18 examples) ./spec/models/user_spec.rb:3
  Concerns::OmniauthConcern
    0.05737 seconds average (0.57366 seconds / 10 examples) ./spec/models/concerns/omniauth_concern_spec.rb:3
  Users::RegistrationsController
    0.02538 seconds average (0.05076 seconds / 2 examples) ./spec/controllers/users/registrations_controller_spec.rb:3
  DeviseRoutesHelper
    0.02397 seconds average (0.33551 seconds / 14 examples) ./spec/helpers/devise_routes_helper_spec.rb:14
  Concerns::UserImagesConcern
    0.02028 seconds average (0.18253 seconds / 9 examples) ./spec/models/concerns/user_images_concern_spec.rb:3
  Users::OauthController
    0.01845 seconds average (0.05535 seconds / 3 examples) ./spec/controllers/users/oauth_controller_spec.rb:3

Randomized with seed 40430

Coverage report generated for RSpec to /home/k/Rails4-PyGoogle/coverage. 302 / 464 LOC (65.09%) covered.

Updating Ruby to up-to-date version.

$ ruby -v
ruby 2.1.3p242 (2014-09-19 revision 47630) [x86_64-linux]

$ rvm install 2.2.4
Warning, new version of rvm available '1.26.11', you are using older version '1.25.28'.
You can disable this warning with:    echo rvm_autoupdate_flag=0 >> ~/.rvmrc
You can enable  auto-update  with:    echo rvm_autoupdate_flag=2 >> ~/.rvmrc
Unknown ruby string (do not know how to handle): ruby-2.2.4.
Unknown ruby string (do not know how to handle): ruby-2.2.4.
Searching for binary rubies, this might take some time.
Found remote file https://rubies.travis-ci.org/ubuntu/14.04/x86_64/ruby-2.2.4.tar.bz2
Checking requirements for ubuntu.
Requirements installation successful.
ruby-2.2.4 - #configure
ruby-2.2.4 - #download
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
100 22.9M  100 22.9M    0     0  1930k      0  0:00:12  0:00:12 --:--:-- 2286k
No checksum for downloaded archive, recording checksum in user configuration.
ruby-2.2.4 - #validate archive
ruby-2.2.4 - #extract
ruby-2.2.4 - #validate binary
ruby-2.2.4 - #setup
ruby-2.2.4 - #gemset created /home/k/.rvm/gems/ruby-2.2.4@global
ruby-2.2.4 - #importing gemset /home/k/.rvm/gemsets/global.gems...............................................
ruby-2.2.4 - #generating global wrappers........
ruby-2.2.4 - #gemset created /home/k/.rvm/gems/ruby-2.2.4
ruby-2.2.4 - #importing gemsetfile /home/k/.rvm/gemsets/default.gems evaluated to empty gem list
ruby-2.2.4 - #generating default wrappers........

$ ruby -v
ruby 2.2.4p230 (2015-12-16 revision 53155) [x86_64-linux]

To get information about the Rails environment, we can use rake about command:

$ rake about
  ActiveRecord::SchemaMigration Load (128.9ms)  SELECT "schema_migrations".* FROM "schema_migrations"
About your application's environment
Ruby version              2.1.3-p242 (x86_64-linux)
RubyGems version          2.2.2
Rack version              1.5.5
Rails version             4.1.14
JavaScript Runtime        Node.js (V8)
Active Record version     4.1.14
Action Pack version       4.1.14
Action View version       4.1.14
Action Mailer version     4.1.14
Active Support version    4.1.14
Middleware                Airbrake::UserInformer, Rack::Sendfile, ActionDispatch::Static, Rack::Lock, #, Rack::Runtime, Rack::MethodOverride, ActionDispatch::RequestId, Rails::Rack::Logger, ActionDispatch::ShowExceptions, ActionDispatch::DebugExceptions, Airbrake::Rails::Middleware, ActionDispatch::RemoteIp, ActionDispatch::Reloader, ActionDispatch::Callbacks, ActiveRecord::Migration::CheckPending, ActiveRecord::ConnectionAdapters::ConnectionManagement, ActiveRecord::QueryCache, ActionDispatch::Cookies, ActionDispatch::Session::CacheStore, ActionDispatch::Flash, ActionDispatch::ParamsParser, Remotipart::Middleware, Rack::Head, Rack::ConditionalGet, Rack::ETag, Warden::Manager, OmniAuth::Builder, Rack::Pjax
Application root          /home/k/Rails4-PyGoogle
Environment               development
Database adapter          postgresql
Database schema version   20140204233952

I wrote a very brief tutorial for deploying our app (pygoogle) to Heroku.

Please have a look at Deploying Rails 4 to Heroku.

Ruby on Rails

• Ruby On Rails Home
• Ruby - Input/Output, Objects, Load
• Ruby - Condition (if), Operators (comparison/logical) & case statement
• Ruby - loop, while, until, for, each, (..)
• Ruby - Functions
• Ruby - Exceptions (raise/rescue)
• Ruby - Strings (single quote vs double quote, multiline string - EOM, concatenation, substring, include, index, strip, justification, chop, chomp, split)
• Ruby - Class and Instance Variables
• Ruby - Class and Instance Variables II
• Ruby - Modules
• Ruby - Iterator : each
• Ruby - Symbols (:)
• Ruby - Hashes (aka associative arrays, maps, or dictionaries)
• Ruby - Arrays
• Ruby - Enumerables
• Ruby - Filess
• Ruby - code blocks and yield
• Rails - Embedded Ruby (ERb) and Rails html
• Rails - Partial template
• Rails - HTML Helpers (link_to, imag_tag, and form_for)
• Layouts and Rendering I - yield, content_for, content_for?
• Layouts and Rendering II - asset tag helpers, stylesheet_link_tag, javascript_include_tag
• Rails Project
• Rails - Hello World
• Rails - MVC and ActionController
• Rails - Parameters (hash, array, JSON, routing, and strong parameter)
• Filters and controller actions - before_action, skip_before_action
• The simplest app - Rails default page on a Shared Host
• Redmine Install on a Shared Host
• Git and BitBucket
• Deploying Rails 4 to Heroku
• Scaffold: A quickest way of building a blog with posts and comments
• Databases and migration
• Active Record
• Microblog 1
• Microblog 2
• Microblog 3 (Users resource)
• Microblog 4 (Microposts resource I)
• Microblog 5 (Microposts resource II)
• Simple_app I - rails html pages
• Simple_app II - TDD (Home/Help page)
• Simple_app III - TDD (About page)
• Simple_app IV - TDD (Dynamic Pages)
• Simple_app V - TDD (Dynamic Pages - Embedded Ruby)
• Simple_app VI - TDD (Dynamic Pages - Embedded Ruby, Layouts)
• App : Facebook and Twitter Authentication using Omniauth oauth2
• Authentication and sending confirmation email using Devise
• Adding custom fields to Devise User model and Customization
• Devise Customization 2. views/users
• Rails Heroku Deploy - Authentication and sending confirmation email using Devise
• Deploying a Rails 4 app on CentOS 7 production server with Apache and Passenger I
• Deploying a Rails 4 app on CentOS 7 production server with Apache and Passenger II
• OOPS! Deploying a Rails 4 app on CentOS 7 production server with Apache and Passenger (Trouble shooting)