Chapter 15. Alternative authentication
This chapter covers
- Authenticating against external services using OmniAuth
- Authenticating with Twitter using OAuth
- Authenticating with GitHub using OAuth
Now that your application has been deployed to a server somewhere (or at least you’ve gone through the motions of doing that!), we’re going to look at adding additional features to your application. One of these is OAuth authentication from services such as Twitter and GitHub.
When you sign into a website, you can generally use a couple of authentication methods. The first of these would be a username and password, with the username being forced to be unique. This method provides a solid way to identify what user has logged into the website, and from that identification the website can choose to grant or deny access to specific parts of the site. You have done this with your Ticketee application, except in place of a username, you’re using an email address. An email address is an already unique value for users of a website that also allows you to have a way of contacting the user if the need arises. On other websites, though, you may have to choose a username (with Twitter), or you could be able to use both a username and email to sign in, as with GitHub.
Entering your email address and a password[1] into every website that you use can be time consuming. Why should you be throwing your email addresses and passwords into every website?