OAuth, FHP-DEFCON, & More

Another week, another blog post. This week, you’ll get to read about my adventures attempting to allow users to sign in to DEFCON with GitHub, and my current roadblocks with adding OAuth integration to an app. Also, I begin adding weekly picks to my Saturday blog. Enjoy!

OAuth, GitHub, & DEFCON

OAuth2 is a protocol that allows apps to access a user’s information on another platform. For example, whenever you are given the option to sign into an app using Facebook, Google, Twitter, et al., that app is using OAuth. While many people have concerns about what kinds of permissions and information they’re giving to various apps, using OAuth can be more secure than creating your own login with a given platform. For example, if a security breach occurs and user information is exposed with a given app, the user’s login credentials won’t be exposed since they signed in with another platform. Obviously, it’s always wise to verify what permissions an app wants from your profile. (Imagine if Tinder decided to start posting swipes on a user’s Facebook profile…)

For DEFCON, the online community we’re building for Firehose Project students, we want to give users the ability to sign in with their GitHub account, and add their profile picture from GitHub to their DEFCON profile. For Rails apps, the most common approach is to use an OmniAuth strategy. Thankfully, Devise (which we use for user authentication) integrates with OmniAuth as well. However, the documentation for OmniAuth GitHub is fairly sparse compared to other strategies. Furthermore, because we wanted to restrict DEFCON access to Firehose students, I set up invitations using devise_invitable. This adds another layer of complexity to allowing students to sign in with GitHub; we only want them to be able to do so after being invited to the community.

Ken (our project lead and FHP co-founder) suggested I try adding Facebook login to Nomster, the Yelp clone I built when I was learning development with The Firehose Project, to better understand how OAuth works before attempting to add a GitHub login to DEFCON. You can see a lonely pull request open as I continue to work on it. I followed Devise’s documentation for integrating with OmniAuth, but as I post this I’m encountering an issue with user persistence/callbacks. After a user follows a link to sign in with Facebook and provides their login credentials to Facebook, they are redirected to the user registration path and not logged in. Here is the code from the OmniauthCallbacksController that I’m fairly certain is causing this:

Here is code from the User model that is also making things interesting:

First, notice that the facebook action redirects the user to the new_user_registration_url if the user record is not persisted. In the class-level method in the User model, I also tried adding the bang operator to the end of the first_or_create method. Doing so returns a validation error, which states that “email cannot be blank”. This code was taken from Devise’s OmniAuth documentation, but I will most likely need to modify it to suit the needs of my application. Debugging is part of a software developer’s life. I’ll have more about the solution next week, and will probably discuss how I implemented OmniAuth for GitHub in DEFCON.
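
An added example, not code from this post, from Nomster, or from Devise: a plain-Ruby model of the decision an OAuth callback has to make, covering both the blank-email failure described above and the invite-only rule wanted for DEFCON. The `User` struct, `resolve_oauth_login`, the `invited` flag, the decision symbols and the sample data are all hypothetical, and it assumes the provider only reports email addresses it has verified.

```ruby
# Added illustration in plain Ruby (no Rails or Devise); every name is hypothetical.
User = Struct.new(:email, :provider, :uid, :invited, keyword_init: true)

# Decide what an OAuth callback should do with the provider's auth hash.
# Returns [decision, user_or_nil]. Never creates an account on its own.
# Assumption: the provider only reports email addresses it has verified.
def resolve_oauth_login(auth, users)
  provider = auth[:provider].to_s
  uid      = auth[:uid].to_s
  email    = auth.dig(:info, :email).to_s.strip.downcase

  # 1. Returning user: the (provider, uid) pair is the stable identity.
  linked = users.find { |u| u.provider == provider && u.uid == uid }
  return [:sign_in, linked] if linked

  # 2. The provider sent no email. A create would fail validation here
  #    ("email cannot be blank") and leave an unpersisted record.
  return [:reject_missing_email, nil] if email.empty?

  # 3. First OAuth login: only an invited account with this email may be linked.
  invited = users.find { |u| u.invited && u.email == email }
  return [:reject_not_invited, nil] unless invited

  # 4. Do not overwrite an identity that is already linked to the account.
  return [:reject_already_linked, nil] if invited.provider

  invited.provider = provider
  invited.uid = uid
  [:link_and_sign_in, invited]
end

# Constructed sample data: one invited student, then four callbacks.
SAMPLE_USERS = [User.new(email: "student@example.com", invited: true)]
SAMPLE_CALLBACKS = [
  { provider: "github", uid: 1001, info: { email: "Student@example.com" } },
  { provider: "github", uid: 1001, info: { email: nil } },
  { provider: "github", uid: 2002, info: { email: nil } },
  { provider: "github", uid: 3003, info: { email: "stranger@example.com" } }
]

# Runs the callbacks in order against a fresh copy of the sample users.
def run_samples
  users = SAMPLE_USERS.map(&:dup)
  SAMPLE_CALLBACKS.map { |auth| resolve_oauth_login(auth, users).first }
end

p run_samples if __FILE__ == $PROGRAM_NAME
```

Once an account is linked, later logins match on provider and uid, so a missing email no longer blocks a returning user; only the first login needs one.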

Weekly Picks


I’m currently reading Amber Case’s Calm Technology, published by O’Reilly. Case focuses primarily on UX design for the internet of things, and the book is a fascinating consideration of how we can design technology that is respectful of users’ attention and works quietly in the background. She argues that we should create technology that adapts to our life, rather than vice versa. Those who work in UX design on web applications also might find this book thought-provoking.


Software Engineering Daily has been a welcome addition to my podcast queue, and their recent interview with Aaron Patterson on Rails and Open Source Software was a highlight of this past week. Their episode on Rails with the venerable DHH was also excellent.


Matthew Dunn, a fellow Firehose Project graduate, posted a fantastic introduction to RSpec for those who have yet to work with the testing framework.

That’s all I have for this week. Next post should have more solutions than problems. Thanks for reading!
