8

I've received a token / secret from a service using OmniAuth and can store it for users, but I'm stuck as to how to actually use these to call a service.

The closest thing I've seen to this question is here but the way he's solved that there doesn't feel right. I feel like OmniAuth likely does this all for you if you know what you're doing.

Netflix has a pretty involved auth process, so I was hoping to skirt all of this by using OmniAuth to abstract me from all of this.

Given that I have a token and secret for a user, how to use these in calling a service like Netflix?

Many thanks :)

Community
  • 1
  • 1
Kevin Davis
  • 2,698
  • 1
  • 22
  • 27

2 Answers2

24

Hey, I'm the author of the OmniAuth gem. OmniAuth is meant to be used for the authentication process. In the case of OAuth providers like Netflix, this means exchanging a request token for an access token which is then used to pull user information from the API. These one-off calls are specifically designed for each provider and are not meant to be a generic API client for the given provider.

What you can do it use OmniAuth to obtain the credentials and then use another specific library for the site itself (such as ruby-netflix or anything else, I'm not sure what the best one is) to make calls. You can retrieve the access token and secret that is obtained in the authentication dance by accessing env['omniauth.auth']['credentials'], then use those to initialize the API client.

You can also use the OAuth library directly to make these calls, but I would strongly recommend just using an existing library, it will be much faster and easier. Does all of that make sense?

Michael Bleigh
  • 25,334
  • 2
  • 79
  • 85
7

OmniAuth is all about authentication; you should probably look at another gem for making actual calls to the service. E.g., for Facebook, I use the OAuth2 gem and code like the following:

module Facebook
  class Client < OAuth2::Client
    # Return a new OAuth2::Client object specific to the app.
    def initialize
      super(
        APP_CONFIG[:facebook][:api_key],
        APP_CONFIG[:facebook][:app_secret],
        :site => 'https://graph.facebook.com',
        :parse_json => true
      )
    end
  end

  class Token < OAuth2::AccessToken
    # Return a new OAuth2::AccessToken specific to the app
    # and the user with the given token.
    def initialize(token)
      super(
        Facebook::Client.new,
        token
      )
    end
  end
end

access_token = Facebook::Token.new(users_fb_token)
url          = "https://graph.facebook.com/#{user_fb_id}/feed"
response     = access_token.post(url, :message => "My update")

Note that there are gems for popular services, like Facebook and Twitter, that can manage the behind-the-scenes things like creating tokens, managing URLs, etc. For Netflix, you might check the following:

Also keep in mind that OmniAuth just returns the service data to you; you're free to store it and use it how you will (Devise has it's own pattern for OmniAuth that you might butt heads with if you try to go outside the lines). The other question you linked doesn't look too far fetched to me.

Michelle Tilley
  • 157,729
  • 40
  • 374
  • 311
  • Thanks for taking the time to answer - I'm not marking this as the answer just yet because I think there must be a way to do this using the OmniAuth gem itself. OmniAuth::Strategy has a request method (http://intridea.github.com/omniauth/OmniAuth/Strategy.html#request-instance_method) that seems like what you'd use, but I'm not sure how to get an instance of the strategy I'm using. Does this make any sense? – Kevin Davis Apr 23 '11 at 20:45
  • `request` returns (or creates) the `Rack::Request` that's being used during your authentication call. See, for examples, [this line](https://github.com/intridea/omniauth/blob/acfe00f562/oa-oauth/lib/omniauth/strategies/oauth.rb#L52) and [this line](https://github.com/intridea/omniauth/blob/acfe00f562/oa-core/lib/omniauth/strategy.rb#L132). – Michelle Tilley Apr 23 '11 at 20:58