Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Baked in OAuth support #27

Open
watzon opened this issue Jun 20, 2019 · 6 comments
Open

Baked in OAuth support #27

watzon opened this issue Jun 20, 2019 · 6 comments
Labels
feature request New feature or request

Comments

@watzon
Copy link

watzon commented Jun 20, 2019

It would be nice if Authentic could integrate some of the functionality that MultiAuth provides and allow for an easy OAuth authentication flow. In the short term it would be nice to at least take OAuth into account, because right now Authentic doesn't work without encrypted_password.
@jwoertink jwoertink added the feature request New feature or request label Jun 20, 2019
@paulcsmith
Copy link
Member

My rough plan is to make it so an Authenticatable (typically User) has_many credentials : Authentic::Credential. Which can be one or more credentials. So you could have email/pass, or google, or both. This would also require re-working the generators in Lucky which I'll need to figure out

The other downside with has_many is that it is hard to validate that there is at least one. The alternative is to credential column that would allow just one provider (email/pass, google, etc). This is much safer, but also less flexible. I'd love to figure out a way to guarantee that there is at least one credential...but we'll see. Maybe we can think of something that is the best of all worls

@paulcsmith
Copy link
Member

Thinking out loud: maybe we have a columns primary_credential and primary_credential_provider that is non-null so we guarantee there is one. Then (maybe optional?) has_many secondary_credentials : Authentic::Credential.

This may be our best of both worlds approach.

@watzon
Copy link
Author

watzon commented Jun 20, 2019

@paulcsmith that could work

paulcsmith added a commit that referenced this issue Oct 29, 2019
@paulcsmith
Allow encrypted_password to be nil
4c6f69a 
Related to #27

The problem with enforcing encrypted_password was that if you wanted to
have email/password sign in *and/or* some other social sign in then
it would not work. You'd have to set "encrypted_password" to "fake" or
some other hack.

This update makes it so you can make encrypted_password nil if you want.
@paulcsmith paulcsmith mentioned this issue Oct 29, 2019
Merged
paulcsmith added a commit that referenced this issue Oct 29, 2019
@paulcsmith
Allow encrypted_password to be nil (#38)
61a63a9 
Related to #27

The problem with enforcing encrypted_password was that if you wanted to
have email/password sign in *and/or* some other social sign in then
it would not work. You'd have to set "encrypted_password" to "fake" or
some other hack.

This update makes it so you can make encrypted_password nil if you want.
@stephendolan stephendolan added the expected for 1.0 Features that most users will expect in a 1.0 web framework label Oct 22, 2020
@stephendolan
Copy link
Member

@matthewmcgarvey / @jwoertink I'd advocate for striking this from our 1.0 roadmap. I've implemented OAuth twice now, alongside passwords and in place of passwords, and it's been really quick with this shard:
https://github.com/msa7/multi_auth

Here's an example of an app User table I'm building that just uses Google OAuth, which took me ~1 hour to implement from the default-generated CLI application, and works quite well:
CleanShot 2021-04-19 at 13 35 38

I could certainly see some kind of task in Authentic in the future that used something like my Spark shard to add this functionality to an existing app with a new oauth_credentials table or something, but this seems less critical for 1.0 now than it previously did.

@jwoertink
Copy link
Member

Yeah, we won't get OAuth baked in for 1.0. Plus it seems like something that could be added after 1.0 without breaking stuff.

On a side note, we could add a link to that multi_auth shard in the new community section of the site.

@stephendolan
Copy link
Member

Cool, I'll remove it from that Milestone for now.

Yeah, either the Community section or an "Adding OAuth" tutorial would serve the purpose of getting folks up and running!

We'll just want to make sure something in the Algolia-indexed search results can still find it so that searching "oauth" would yield results.

@jwoertink jwoertink removed the expected for 1.0 Features that most users will expect in a 1.0 web framework label Jul 21, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
feature request New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@jwoertink @paulcsmith @watzon @stephendolan