Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/jonmagic/omniauth-github-team-member

OmniAuth Strategy for GitHub Teams
https://github.com/jonmagic/omniauth-github-team-member

Last synced: 30 days ago
JSON representation

OmniAuth Strategy for GitHub Teams

Host: GitHub
URL: https://github.com/jonmagic/omniauth-github-team-member
Owner: jonmagic
License: mit
Created: 2013-02-10T01:09:08.000Z (almost 12 years ago)
Default Branch: master
Last Pushed: 2021-02-18T23:19:03.000Z (almost 4 years ago)
Last Synced: 2024-09-17T02:54:08.809Z (4 months ago)
Language: Ruby
Size: 18.6 KB
Stars: 10
Watchers: 3
Forks: 6
Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

README

        # OmniAuth GitHub Team Auth

This is an OmniAuth strategy for authenticating to GitHub and ensuring the user belongs to a specific team. This strategy is useful for building web apps that should only be administered by specific teams. I adapted this from an internal gem at GitHub.

To use it, you'll need to sign up for an OAuth2 Application ID and Secret on the [GitHub Applications Page](https://github.com/settings/applications).

## Installing

Add the gem to your Gemfile and bundle.

```

gem "omniauth-github-team-member"

```

I like to store the GITHUB_CLIENT_ID and GITHUB_CLIENT_SECRET in my environment, but you don't have to if you have a preferred place to put keys and secrets. For local development I recommend the [dotenv](https://github.com/bkeepers/dotenv) gem for setting environment variables.

## Basic Usage

In the examples below, `42634` is the id of the team we are checking against. You can find the id of a team via the GitHub API, either by [listing all teams for the parent org](https://developer.github.com/v3/orgs/teams/#list-teams) or [finding all of the team memberships for a user who is on the team you are looking for](https://developer.github.com/v3/orgs/teams/#get-team-membership).

Usage in Rails:

```ruby

# config/initializers/github_omniauth.rb

Rails.application.config.middleware.use OmniAuth::Builder do

  provider :githubteammember,

    ENV['GITHUB_CLIENT_ID'],

    ENV['GITHUB_CLIENT_SECRET'],

    scope: 'read:org',

    teams: {

      "mentors_team_member?" => 426344

    }

end

```

During the callback phase, you can check to see if the authed user is on the mentors team or not by checking the returned credentials object `request.env['omniauth.auth'].credentials.mentors_team_member?`.

An example of how to integrate this strategy with OmniAuth is below. Do note that these examples are just guidelines, you will most likely need to change each example to match your application's needs.

```ruby

class SessionsController

  def create

    @user = User.find_for_github_team_oauth(request.env['omniauth.auth'])

    if @user && @user.persisted?

      redirect_to root_path

    else

      redirect_to no_access_path

    end

  end

end

```

```ruby

class User < ActiveRecord::Base

  def self.find_for_github_team_oauth(access_token, signed_in_resource=nil)

    # Prevents past team members from logging into existing accounts they

    # created when they were previously a team member. Also ensures

    # new accounts can't be created unless they are a team member.

    return false unless access_token.credentials.mentors_team_member?

    info = access_token.info

    github_id = access_token.uid

    user = find_or_initialize_by_github_id(github_id)

    if user.new_record?

      user.name = info.name

      user.email = info.email

      user.github_identifier = info.nickname

      user.save

    end

    user

  end

end

```

Usage in Sinatra:

```ruby

use OmniAuth::Builder do

  provider :githubteammember,

    ENV['GITHUB_CLIENT_ID'],

    ENV['GITHUB_CLIENT_SECRET'],

    scope: 'read:org',

    teams: {

      "mentors_team_member?" => 426344

    }

end

```

### Scopes

You must require the `read:org` scope to be able to access the team data associated with the authenticated user.

More info on [Scopes](http://developer.github.com/v3/oauth/#scopes).

## Contributing

1. [Fork it](https://help.github.com/articles/fork-a-repo)

2. Create your feature branch (`git checkout -b my-new-feature`)

3. Commit your changes (`git commit -am 'Added some feature'`)

4. Push to the branch (`git push origin my-new-feature`)

5. Create new [Pull Request](https://help.github.com/articles/using-pull-requests)

## Contributors

* [Garrett Bjerkhoel](https://github.com/dewski)

* [Jonathan Hoyt](https://github.com/jonmagic)

* [Arthur Chiu](https://github.com/achiu)

* [Tim Clem](https://github.com/tclem)

* [Jessie Young](https://github.com/jessieay)

* [Paul Schreiber](https://github.com/paulschreiber)