#Stormpath is Joining Okta We are incredibly excited to announce that Stormpath is joining forces with Okta. Please visit the Migration FAQs for a detailed look at what this means for Stormpath users.
We're available to answer all questions at [email protected].
Stormpath is the first easy, secure user management and authentication service for developers. This is the Rails gem to ease integration of its features with any Rails-based application.
Stormpath makes it incredibly simple to add users and user data to your application. It aims to completely abstract away all user registration, login, authentication, and authorization problems, and make building secure websites painless.
Stormpath Rails officially supports Ruby versions over 2.1.0 and Rails over 4.0.
Add the stormpath-rails integration gem to your Gemfile.
Stormpath is currently in beta so it is necessary to include the gem version:
gem 'stormpath-rails', '~> 2.8.0'Bundle the Gemfile
bundle installRun the generator to insert the config yaml file and the neccessary controller module.
rails generate stormpath:installCreate a Stormpath account if you haven't already, and be sure to set up the following environment variables:
- STORMPATH_CLIENT_APIKEY_ID
- STORMPATH_CLIENT_APIKEY_SECRET
Environment variables should be set up in you .bashrc file (or .zshrc if you use myzsh).
Example setup:
export STORMPATH_CLIENT_APIKEY_ID=6U4HZMHGVHN0U765BGW
export STORMPATH_CLIENT_APIKEY_SECRET=0e0TuVZKYiPiLTDLNnswEwpPpa5nPvAlternatively you can use gems such as Dotenv or Figaro to preload environment variables.
Create a Stormpath Application throught the Stormpath Admin Console.
Add the app href OR name to your configuration file in config/stormpath.yml:
stormpath:
application:
href: https://api.stormpath.com/v1/applications/12345abc
name: null-
Make sure your application has a default account directory.
-
Make sure that you have the
root_pathdefined in your railsroutes.rb
Add stormpath_rails_routes to your routes.rb file.
Rails.application.routes.draw do
stormpath_rails_routes
...
endCheck below on how to override default routes.
The gem is highly configurable through it's configuration file (config/stormpath.yml).
You can use embedded ruby (ERB) in the configuration file:
stormpath:
application:
href: <%= ENV['STORMPATH_APPLICATION_HREF'] %>Stormpath Rails responds to two formats: HTML & JSON. You can use it both as an API for building SPA's, mobile applications and as a standalone Rails application that renders HTML.
By default the Stormpath integration will respond to JSON and HTML requests. If a requested type isn't any of the two, the Stormpath integration will pass on the request, and allow the developer or Rails defaults to handle the response.
However if you want use only one of those, modify the configuration file:
stormpath:
web:
produces:
- application/json
- text/htmlIf the request does not specify an Accept header, or the preferred content type is */* the Stormpath integration will respond with the first type in the list.
The Application Controller gets the Stormpath::Rails::Controller module included by default.
The module provides 4 private controller methods:
current_account- get the current accountsigned_in?- check if the user is signed in.require_authentication!- a before filter to stop unauthenticated access.require_no_authentication!- a before filter to stop authenticated access (a logged in user shouldn't be able to see the login form).
By default, the current_account and signed_in? are marked as helper_methods and you can use them in your views.
If you wish to add these methods to a controller that doesn't inherit from the ApplicationController, just include the Stormpath::Rails::Controller module in that controller as well.
Since Stormpath controllers are highly configurable, they have lots of configuration code and are not written in a traditional way. A LoginController would usually have two actions - new & create, however in StormpathRails they are separated into two single action controllers - Stormpath::Rails::Login::NewController and Stormpath::Rails::Login::CreateController. They both respond to a call method (action).
To override a Stormpath controller, first you need to subclass it:
class CreateAccountController < Stormpath::Rails::Register::CreateController
endand update the routes to point to your new controller:
Rails.application.routes.draw do
stormpath_rails_routes(actions: {
'register#create' => 'create_account#call'
})
endList of available controllers:
Stormpath::Rails::Login::NewController
Stormpath::Rails::Login::CreateController
Stormpath::Rails::Logout::CreateController
Stormpath::Rails::Register::NewController
Stormpath::Rails::Register::CreateController
Stormpath::Rails::ChangePassword::NewController
Stormpath::Rails::ChangePassword::CreateController
Stormpath::Rails::ForgotPassword::NewController
Stormpath::Rails::ForgotPassword::CreateController
Stormpath::Rails::VerifyEmail::ShowController
Stormpath::Rails::VerifyEmail::CreateController
Stormpath::Rails::Profile::ShowController
Stormpath::Rails::Oauth2::NewController
Stormpath::Rails::Oauth2::CreateController
Stormpath::Rails::IdSiteCallback::NewController
Stormpath::Rails::SocialController
Stormpath::Rails::Facebook::CreateController
Stormpath::Rails::Github::CreateController
Stormpath::Rails::Google::CreateController
Stormpath::Rails::Linkedin::CreateControllerTo override routes (while using Stormpath default controllers), please use the configuration file (config/stormpath.yml) and override them there. As usual, to see what the routes are, run rake routes.
You can use the Stormpath views generator to copy the default views to your application for modification:
rails generate stormpath:viewsstormpath/rails/layouts/stormpath.html.erb
stormpath/rails/login/new.html.erb
stormpath/rails/login/_form.html.erb
stormpath/rails/register/new.html.erb
stormpath/rails/register/_form.html.erb
stormpath/rails/change_password/new.html.erb
stormpath/rails/forgot_password/new.html.erb
stormpath/rails/shared/_input.html.erb
stormpath/rails/shared/_social_login.html.erb
stormpath/rails/verify_email/new.html.erb
In order to successfully authenticate via a social provider you need to set up your directories and account stores on your application. The Social Login Providers currently supported by Stormpath are Facebook, GitHub, Google and LinkedIn.
Social Directories are a kind of mirrored Directory, in that they are used to mirror user information found in an external database. This means that entities like Groups can only exist in a your Stormpath Social Directory if they are mirrored in from the external Social provider.
- create an application in the Google Developer Console
- enable Google Login for your Google application
- copy the OAuth Credentials (Client ID and Secret) for your Google application
- in the Credentials tab you will see the Restrictions section. Write the origin URI of your application in the Authorized JavaScript origins field. For example, if you want to test logging in via Google locally, you can write http://localhost:3000
- In the authorized redirect URIs type in the callback URI to which Google is going to redirect after successful authentication: http://localhost:3000/callbacks/google
- log in to your stormpath dashboard and visit the Directories section
- click on Create Directory and choose Google as the Directory Type. Name it and describe it however you want
- paste the copied OAuth Credentials that you copied when you created the Google application in the Google Client ID and secret fields
- paste the same authorized redirect URI as you did in the Google dashboard
- visit the Applications section and click on the application you're using
- click on Account Stores in the left sidebar and click on Add Account Store button
- after you add your newly created Google directory try starting up your server and visit /login. You should see the 1-click Google login button
- create an application on the Facebook Developer Site
- copy your OAuth credentials (App ID and App Secret)
- add your application’s private and public root URLs. You can use http://localhost:3000 if you're testing logging in locally
- make sure you make your application public by clicking on the App review tab in the left sidebar and activating your Facebook application
- log in to your stormpath dashboard and visit the Directories section
- click on Create Directory and choose Facebook as the Directory Type. Name it and describe it however you want
- paste the copied OAuth Credentials that you copied when you created the Facebook application in the Facebook Client ID and secret fields
- visit the Applications section and click on the application you're using
- click on Account Stores in the left sidebar and click on Add Account Store button
- after you add your newly created Facebook directory try starting up your server and visit /login. You should see the 1-click Facebook login button
- create an application in the GitHub Developer Site
- copy the OAuth Credentials (Client ID and Secret) for your GitHub application
- add your application’s redirect URL, which is the URL the user will be returned to after successful authentication. You can use http://localhost:3000 if you're testing logging in locally
- log in to your stormpath dashboard and visit the Directories section
- click on Create Directory and choose GitHub as the Directory Type. Name it and describe it however you want
- paste the copied OAuth Credentials that you copied when you created the GitHub application in the GitHub Client ID and secret fields
- visit the Applications section and click on the application you're using
- click on Account Stores in the left sidebar and click on Add Account Store button
- after you add your newly created GitHub directory try starting up your server and visit /login. You should see the 1-click GitHub login button
- create an application in the LinkedIn Developer Site
- add your application’s redirect URLs, which are the URL the user will be returned to after successful authentication. If you're testing locally you can write http://localhost:3000/callbacks/linkedin
- copy OAuth Credentials (Client ID and Secret) for your LinkedIn application
- make sure you check r_basicprofile and r_emailaddress under the Default Application Permissions
- log in to your stormpath dashboard and visit the Directories section
- click on Create Directory and choose LinkedIn as the Directory Type. Name it and describe it however you want
- paste the copied OAuth Credentials that you copied when you created the LinkedIn application in the LinkedIn Client ID and secret fields
- paste the redirect URI that you also saved in your LinkedIn dashboard http://localhost:3000/callbacks/linkedin
- visit the Applications section and click on the application you're using
- click on Account Stores in the left sidebar and click on Add Account Store button
- after you add your newly created LinkedIn directory try starting up your server and visit /login. You should see the 1-click LinkedIn login button
If you already have a Rails application that uses devise and need to transfer all users, accounts, or however you named your model there's a nifty rake task that you can create in your codebase by running:
rails generate stormpath:migrationThis will create a rake task that has the most common use cases for transferring user data into Stormpath:
lib/tasks/stormpath.rake
When you're finished modifying the rake task (minimum required modification: directory href and devise model that holds the data)
execute it with:
rake stormpath:migrateIf you wish to contribute to the gem, please follow these steps:
- Create a Stormpath Application.
- Export the following env variables:
- STORMPATH_CLIENT_APIKEY_ID
- STORMPATH_CLIENT_APIKEY_SECRET
- Create a Directory and associate it to the app. Make it the default account and group store for the app.
Clone the repo & install the dependencies with bundle install.
The suite is written with RSpec, so to run the specs you'll need to execute rspec
The suite uses the VCR gem to record all the HTTP requests. On first roll it records them and after that all of the tests use the recorded HTTP requests and run under 10 seconds.