Google Omniauth, a Ruby on Rails Saga
A long, long time ago, in a galaxy far, far away… there was Ruby on Rails.
Just kidding, we are actually in that galaxy now!
The Ruby on Rails framework is stunning, efficient, and extremely conventional. Building a practical web-based app with this framework can be accomplished in just a few short minutes thanks to scaffolding and rails generators (*can* does not always mean *should*, keep in mind). We say that an app *can* be built this way, however, you are liable to wind up with some arbitrary files/code, which can take some time to clean up. Therefore, when creating a more intricate/custom app, one will find it most conducive to use only the most minimal of generators (my personal favorite is `rails g resource ModelName`). Whilst creating my app, MealKick!, I utilized the “resource” generator to quickly create all of my new Models with their respective db tables, controllers, (empty) views folders, and their corresponding resource routes in config.rb. Voila! The app’s structure is built “lickety-split”! Now we can add our Model associations, validations, CRUD actions, views, etc. into our nice, neat skeleton.
Admittedly, one small, yet important, issue that I did run into — was utilizing Omniauth with the Google provider. Thus I felt it my duty to share the information that I had learned with my fellow Ruby enthusiasts, considering that Omniauth (or simply a third-party login) is a requirement for the project. I chose the Google OAuth2 strategy for OmniAuth and found the process to be quick and concise (except for my Client ID & Secret blunder :facepalming: which we will get to shortly). Let’s start by walking through the basics/steps to add this capability. Firstly, you will need to add the following three gems to your Gemfile: `gem ‘omniauth’`, `gem ‘omniauth-google-oauth2’`, and `gem ‘dotenv-rails’`, then run `bundle install`. Next, you can create config/initializers/omniauth.rb and add the following middleware configuration code:
Rails.application.config.middleware.use OmniAuth::Builder do
provider :google_oauth2, ENV[‘GOOGLE_CLIENT_ID’], ENV[‘GOOGLE_CLIENT_SECRET’]
end
This seems simple enough, right? Well, to be honest, this is where I blundered… From my perspective, I thought that the instructions I was reading ([found here](https://medium.com/@amoschoo/google-oauth-for-ruby-on-rails-129ce7196f35)), were telling me to add my actual Google Client ID & Secret in place of the `ENV[‘GOOGLE_CLIENT_ID’], ENV[‘GOOGLE_CLIENT_SECRET’]`. Well — I was wrong, and this really took me a few rubber ducky minutes to figure it out! It is actually written the exact way it should be written inside of your omniauth.rb file. Your actual Google Client keys should **ONLY** ever be added to the /.env file that you will create in your root folder once you have acquired your API Credentials/OAuth Client ID from [https://console.developers.google.com](https://console.developers.google.com/) .
Now that you have your Google Client ID & Secret stored inside of /.env, you will need to make sure that you hide this information from github (and subsequently, from hackers!) by adding the /.env file to your git.ignore file, “easy-peasy-lemon-squeezy”!
So, you now have access to /auth/google_oauth2 to determine the Google authentication. Let’s wrap things up by adding your Google OAuth Callback route(s) to config/routes.rb and then a “google” action to your sessions controller which will find or create a user based on the OAuth attributes:
private
def auth
request.env[‘omniauth.auth’]
end
^^ inside of our Sessions Controller, will grab access tokens from the google server and feed them in through our ‘sessions#google’ action route. You can then use .auth inside of your ‘google’ action in the Sessions Controller to find or create a user based on their OAuth params (.auth) to log them in.
And then we all lived on to code another day!
I look forward to your questions and comments!
