Handling Multiple Social Identities in a Rails Project

Richard LaFranchi

Tue Mar 24 2015

I recently built a social aggregator called Full Social (full.social) built on Ruby on Rails. The idea is to associate a person's social network accounts to a single user. I found that the best way to accomplish this is to create a 1:M association between a user model and an identity model. The idenetity model is where various OAuth tokens are stored and associate them with a single user.

# Configuring Omniauth

I decided to use the omniauth gem to handle the OAuth token request process. On top of the omniauth gem, be sure to also include the appropriate gems for each api (i.e. omniauth-twitter).Here's an example of a configuration file that could be used.

# config/initializers/omniauth.rb
Rails.application.config.middleware.use OmniAuth::Builder do
  provider :facebook, ENV["FACEBOOK_APP_ID"], ENV["FACEBOOK_SECRET"], { scope: "email,public_profile,user_likes" }
  provider :twitter, ENV["TWITTER_KEY"], ENV["TWITTER_SECRET"]
  provider :instagram, ENV["INSTAGRAM_KEY"], ENV["INSTAGRAM_SECRET"]
end

# Handling the Callback

You'll need to add a route to your config/routes.rb file to handle the callback that is made after a user approves your app for use.

# config/routes.rb
get '/auth/:provider/callback' => 'sessions#create'

In my particular case, I'm also using the user's social networks to act as a log in. We will create a sessions controller to handle this.

# app/controllers/sessions_controller.rb
class SessionsController < ApplicationController
  def create
    if auth_hash
      identity = Identity.where(provider: auth_hash.provider, uid: auth_hash.uid).first
      if identity
        user = User.find_by(id: identity.user_id)
        identity.update_attributes!(
          token: auth_hash.credentials.token,
          secret: auth_hash.credentials.secret,
          expires_at: expires_at
        )
      else
        user = logged_in? ? current_user : User.create(name: auth_hash.info.name, email: auth_hash.info.email)
        Identity.create(
          provider: auth_hash.provider,
          uid: auth_hash.uid,
          token: auth_hash.credentials.token,
          secret: auth_hash.credentials.secret,
          expires_at: expires_at,
          user_id: user.id
        )
      end
      session[:user_id] = user.id unless logged_in?
    end
    redirect_to root_path
  end

  private

  def auth_hash
    request.env["omniauth.auth"]
  end

  def expires_at
    if auth_hash.credentials.expires_at.present?
      Time.at(auth_hash.credentials.expires_at).to_datetime
    elsif auth_hash.credentials.expires_in.present?
      DateTime.now + auth_hash.credentials.expires_in.to_i.seconds
    end
  end
end

It could use a bit of refactoring, but it gets the job done. If a user has never been to the site before, then they pick a provider to log in with, a user is created, and an identity is created for that particular provider and associates the Identity to that user. Once the user is logged in, they can now connect other social accounts and new identities are created and associated to the current user. That user can now log back in once their session is expired with any identities that have authorized the application.