Smart Activation With Single Sign On

This post is related to another post of mine about getting the rpx single sign on to work.

Scenario:

• You are using single sign on but require the user to have emails (Facebook does not return email) or require other fields (eg. accept terms of use).
• You allow users to specify another email besides the one that is returned by the single sign on service (SSOS)
  
• If the user changes that email, you want them to validate it (you send an email to them with a link to activate their account), but if they don't change it (meaning they use the same email that is returned by the SSOS), then the account will be automatically activated

For some reason, I did this the hard way at the beginning. I won't expound on how but what I tried to do in 2 days (but failed) actually took 30 minutes doing it the right way (and worked).

Requisites

1. Make sure you got single sign on working (you're able to read responses and stuff)

If you look at my code and read it a few times you'll understand what I do. From the RPX Controller, you render the login form so they have a chance to change stuff. If they miss out on anything the errors will render. If they submit it, then the form will be submitted to users/create and will render itself if they are still missing stuff. The hidden_field of email_was just stays there, dormant, waiting to be compared later on.

When the user finally has all their stuff filled up and submits the form, if they're on single sign on, then the user will be activated based on the comparison between the email_was and the current email they're trying to save. If they're different, then they're not activated and the user observer sends out the activation mail. If they are the same email, then the account is activated and they have to do one less step. :)

If you have any comments or suggestions please let me know.

RPX Now: Single Sign-on

As I write this, I'm trying to install the single sign-on capability that RPX Now gives you on my Rails app. I've tried OpenID before (using open_id_authentication plugin and ruby-openid gem) and it was mightly complicated, plus you couldn't only use other 3rd party accounts.

RPX Now claims to be super easy and so far, with grosser's rpx_now gem, it almost seems too easy -- except there are no tutorials that I can find on Google. There are examples in gem's github site but they don't explain much.

This is my attempt at writing one.

First, install the gem (instructions in the github site). If you want to put it in your environment.rb file, it should look like this (remove or replace the version number with an updated one):

config.gem "grosser-rpx_now", :lib => "rpx_now", :version => "0.3", :source => "http://gems.github.com"

Then create an RpxController and add code similar to this to your user model. Of course, you don't have to process the data yourself, but I wanted to (thus my rpx_controller is a bit longer, and I had to read the response in the User model) so that if the rpx profile is missing anything, it will render a something like my normal login page that basically has a form_for(@user ...) where they can fill up the missing data.

Check out actual responses (I just removed any personal data).