After several weeks of grinding away with the generous help of Eric and Shane, Omniauth works with our current setup. Now a user can arrive at our site and log into the system using their Facebook or Google accounts as an alternative to creating their own Prism-specific login.
One significant difficulty we encountered was how to handle multiple authentications. In the default framework, the system creates a new user when you authenticate through a service. So, if a user clicks on Facebook authentication, that action creates a new user in the database. If that same user comes back and clicks Twitter instead, that user will then have a separate account unlinked to the first in the database. Rather than implement an authentication management system, we decided to add a disclaimer to the myPrisms page directing users to login with the correct accounts if they aren’t seeing the information that they expect.
Another difficulty: initially we also wanted to include Twitter authentication, but Twitter returns only the user’s nickname instead of an email. This is a problem for Devise, the gem that we use to handle the logins more generally. Devise has emails pretty firmly integrated into their framework, and things got quite whacky when we tried to disable email as the verifying function for new users. We successfully did so, but each new success raised new problems related to the nickname/email interactions. At length, we decided just to go with Facebook and Google for now. Any future authentications that we implement will be chosen based on whether or not they return user emails.
Next, I’ll be helping Shane move forward with allowing User Uploads.