gem omniauth-google-oauth2 provides a strategy to authenticate with Google via OAuth2 in OmniAuth.
Get your API key at:
https://code.google.com/apis/console/
Note the Client ID and the Client Secret.
For more details, read the Google docs:
https://developers.google.com/accounts/docs/OAuth2.
You can configure several options, which you pass in to the provider
method via a hash:
scope: A comma-separated list of permissions you want to request from the user. See the Google OAuth 2.0 Playground for a full list of available permissions. Caveats:
  The userinfo.email and userinfo.profile scopes are used by default. By defining your own scope, you override these defaults. If you need these scopes, don't forget to add them yourself!
  Scopes starting with https://www.googleapis.com/auth/ do not need that prefix specified. So while you can use the smaller scope books since that permission starts with the mentioned prefix, you should use the full scope URL https://docs.google.com/feeds/ to access a user's docs, for example.
prompt: A space-delimited list of string values that determines whether the user is re-prompted for authentication and/or consent. Possible values are:
  none: No authentication or consent pages will be displayed; it will return an error if the user is not already authenticated and has not pre-configured consent for the requested scopes. This can be used as a method to check for existing authentication and/or consent.
  consent: The user will always be prompted for consent, even if they have previously allowed access to a given set of scopes.
  select_account: The user will always be prompted to select a user account. This allows a user who has multiple current account sessions to select one amongst them.
image_aspect_ratio: The shape of the user's profile picture. Possible values are:
  original: Picture maintains its original aspect ratio.
  square: Picture presents equal width and height.
  Defaults to original.
image_size: The size of the user's profile picture. The image returned will have width equal to the given value and variable height, according to the image_aspect_ratio chosen. Additionally, a picture with specific width and height can be requested by setting this option to a hash with width and height as keys. If only width or height is specified, a picture whose width or height is closest to the requested size and requested aspect ratio will be returned. Defaults to the original width and height of the picture.
name: The name of the strategy. The default name is google_oauth2 but it can be changed to any value, for example google. The OmniAuth URL will thus change to /auth/google and the provider key in the auth hash will then return google.
access_type: Defaults to offline, so a refresh token is sent to be used when the user is not present at the browser. Can be set to online. Note that if you need a refresh token, Google requires you to also specify the option prompt: 'consent', which is not a default.
login_hint: When your app knows which user it is trying to authenticate, it can provide this parameter as a hint to the authentication server. Passing this hint suppresses the account chooser and either pre-fills the email box on the sign-in form or selects the proper session (if the user is using multiple sign-in), which can help you avoid problems that occur if your app logs in the wrong user account. The value can be either an email address or the sub string, which is equivalent to the user's Google+ ID.
include_granted_scopes: If this is provided with the value true, and the authorization request is granted, the authorization will include any previous authorizations granted to this user/application combination for other scopes. See Google's Incremental Authorization for additional details.
Here's an example of a possible configuration where
    Rails.application.config.middleware.use OmniAuth::Builder do
      provider :google_oauth2, ENV["GOOGLE_CLIENT_ID"], ENV["GOOGLE_CLIENT_SECRET"],
        {
          :name => "google",
          :scope => "userinfo.email, userinfo.profile, plus.me, http://gdata.youtube.com",
          :prompt => "select_account",
          :image_aspect_ratio => "square",
          :image_size => 50
        }
    end
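The option caveats described above (a custom scope replaces the default scopes, short scope names get the https://www.googleapis.com/auth/ prefix, and a refresh token needs prompt to include consent) can be checked before the options hash reaches the provider call. This is an added example, not code from the gem: expand_scopes, lint_google_options and README_OPTIONS are hypothetical names, and the prefix handling is a reading of the rule stated above, not the gem's own implementation.

```ruby
# Added example: hypothetical helpers, not part of omniauth-google-oauth2.
GOOGLE_SCOPE_PREFIX = "https://www.googleapis.com/auth/"
DEFAULT_SCOPES = %w[userinfo.email userinfo.profile].freeze

# Expand the comma-separated scope option into full scope URLs: short names
# get the googleapis prefix, entries that are already URLs pass through.
def expand_scopes(scope_option)
  scope_option.split(",").map(&:strip).reject(&:empty?).map do |scope|
    scope.match?(%r{\Ahttps?://}) ? scope : GOOGLE_SCOPE_PREFIX + scope
  end
end

# Return warnings for the caveats the README calls out; [] means none apply.
def lint_google_options(opts)
  warnings = []
  if opts.key?(:scope)
    requested = expand_scopes(opts[:scope])
    DEFAULT_SCOPES.each do |default|
      next if requested.include?(GOOGLE_SCOPE_PREFIX + default)
      warnings << "custom scope drops default scope #{default}"
    end
  end
  # access_type defaults to offline; the README says a refresh token also
  # needs prompt to include consent, which is not a default.
  access_type = opts.fetch(:access_type, "offline")
  prompts = opts.fetch(:prompt, "").split(" ")
  if access_type == "offline" && !prompts.include?("consent")
    warnings << "access_type is offline but prompt lacks consent, required for a refresh token"
  end
  warnings
end

# The options hash from the README's configuration example.
README_OPTIONS = {
  :name => "google",
  :scope => "userinfo.email, userinfo.profile, plus.me, http://gdata.youtube.com",
  :prompt => "select_account",
  :image_aspect_ratio => "square",
  :image_size => 50
}.freeze

if __FILE__ == $PROGRAM_NAME
  puts expand_scopes(README_OPTIONS[:scope])
  puts lint_google_options(README_OPTIONS)
end
```

Run against the README's own configuration, the check reports only the refresh-token caveat, since that example keeps both default scopes but sets prompt to select_account.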
request.env["omniauth.auth"]:

    {
      :provider => "google_oauth2",
      :uid => "123456789",
      :info => {
        :name => "John Doe",
        :email => "john@company_name.com",
        :first_name => "John",
        :last_name => "Doe",
        :image => "https://lh3.googleusercontent.com/url/photo.jpg"
      },
      :credentials => {
        :token => "token",
        :refresh_token => "another_token",
        :expires_at => 1354920555,
        :expires => true
      },
      :extra => {
        :raw_info => {
          :id => "123456789",
          :email => "user@domain.example.com",
          :verified_email => true,
          :name => "John Doe",
          :given_name => "John",
          :family_name => "Doe",
          :link => "https://plus.google.com/123456789",
          :picture => "https://lh3.googleusercontent.com/url/photo.jpg",
          :gender => "male",
          :birthday => "0000-06-25",
          :locale => "en",
          :hd => "company_name.com"
        }
      }
    }