惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

V
Visual Studio Blog
爱范儿
爱范儿
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
雷峰网
雷峰网
V
V2EX
博客园_首页
Engineering at Meta
Engineering at Meta
博客园 - 聂微东
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
Apple Machine Learning Research
Apple Machine Learning Research
GbyAI
GbyAI
H
Help Net Security
A
About on SuperTechFans
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
Blog — PlanetScale
Blog — PlanetScale
W
WeLiveSecurity
云风的 BLOG
云风的 BLOG
D
Docker
Security Archives - TechRepublic
Security Archives - TechRepublic
Help Net Security
Help Net Security
N
News and Events Feed by Topic
Simon Willison's Weblog
Simon Willison's Weblog
G
Google Developers Blog
A
Arctic Wolf
T
The Blog of Author Tim Ferriss
博客园 - 叶小钗
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
Google DeepMind News
Google DeepMind News
博客园 - 三生石上(FineUI控件)
aimingoo的专栏
aimingoo的专栏
Hacker News: Ask HN
Hacker News: Ask HN
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
博客园 - 司徒正美
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
P
Privacy International News Feed
T
Troy Hunt's Blog
T
Tenable Blog
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
Recent Commits to openclaw:main
Recent Commits to openclaw:main
Recorded Future
Recorded Future
F
Fortinet All Blogs
D
DataBreaches.Net
B
Blog
T
Threat Research - Cisco Blogs
MyScale Blog
MyScale Blog
Hacker News - Newest:
Hacker News - Newest: "LLM"
The GitHub Blog
The GitHub Blog
Security Latest
Security Latest
M
MIT News - Artificial intelligence

Rc-2020 on Julia Evans

Day 57: Trying to set up GitHub Actions Day 56: A little WebAssembly Day 53: a little nginx, IPv6, and wireguard Day 52: testing how many Firecracker VMs I can run Day 51: Fixed my logging and made a couple of puzzles Day 50: Building some tarballs for puzzles, and trying to make a kernel boot faster Day 49: making the VMs boot faster Day 48: Another Go program, and a little vim configuration Day 47: Using device mapper to manage Firecracker images Day 46: debugging an iptables problem Day 44: Building my VMs with Docker Day 43: Building VM images Day 42: Writing a Go program to manage Firecracker VMs Day 41: Trying to understand what a bridge is Day 40: screen flickering & a talk about containers Day 39: Customizing gotty's terminal Day 38: Modifying gotty to serve many different terminal applications at once Day 37: A new laptop and a little Vue Day 35: Launching my VMs more reliably Day 34: Learning about qemu Day 33: pairing is magic and beautiful git diffs Day 32: A Rails model that doesn't use the database with ActiveHash Day 24: a short talk about blogging myths, and a debugging tip Day 23: a little Rails testing Day 21: wrangling systemd & setting up git deploys to a VM Day 19: Clustering faces (poorly) using an autoencoder Day 20: trying to figure out how Google Cloud IAM works Day 18: an answer to an autoencoder question Day 17: trying to wrap my head around autoencoders Day 13: BPTT, and debugging why a model isn't training is hard Day 11: learning about learning rates Day 10: Training an RNN to count to three Day 9: Generating a lot of nonsense with an RNN Day 8: Start with something that works Day 5: drawing lots of faces with sketch-rnn Day 3: an infinitely tall fridge Day 2: Rails associations & dragging divs around Day 1: a confusing Rails error message I'm doing another Recurse Center batch!
Day 22: getting OAuth to work in Rails
Julia Evans · 2020-12-09 · via Rc-2020 on Julia Evans

Today my goal was to set up OAuth login for a Rails project.

This was all pretty confusing because a) I don’t understand Rails yet and b) I decided to use an authentication library called Devise on top of it that I also don’t understand.

But one nice thing about Rails is that there are about 10 billion blog posts & Stack Overflow questions that make it possible to figure out what’s going on even if you don’t really know anything.

following tutorials without understanding them is kind of fun (but doesn’t work, of course)

I found an extremely nice content marketing tutorial on the digital ocean blog called How To Configure Devise and OmniAuth for Your Rails Application explaining how to set up OAuth with Rails. I followed all the steps without really understanding them and it kind of worked! Hooray.

This worked mostly fine when setting up GitHub login, but I also needed to implement a custom OAuth provider (for the Recurse Center OAuth), and so I learned a few things while fixing the bugs with that. Here they are.

it’s important to request the user’s information from the OAuth provider

I was just using OAuth for login, not to access an API, and (based on a very sketchy understanding of how OAuth works) I had this vague notion that once the OAuth server sent my application an access token, it would be “done”.

But I’d copied this template for creating a custom Omniauth provider from the docs and filled in all the fields, and it didn’t work!

It turns out that I’d misunderstood this line of code:

access_token.get('/me')

which I thought meant “get the /me field from a hashmap called access_token” but which actually means “make an HTTP request to the OAuth provider’s API using the access token, and get the path /me”. This is where the user’s name / email address / etc comes from, so it’s pretty important to get right.

I’d gotten the path wrong (since I didn’t realize it was a HTTP request at all!), and fixing the path made my OAuth integration work.

In OAuth, you need to send a redirect_uri to the OAuth provider (eg GitHub) with the URL of the page on your site to go back to.

In my case, this redirect_uri was supposed to be https://mysite.com/users/auth/github/callback. But my application was sending a http URL instead of an https URL. What? Why?

It turns out that something in Rails (I’m still not sure what honestly) looks at the X-FORWARDED-PROTO header from nginx to decide whether to build https or http links. My site was behind a Cloudflare proxy, so the requests coming into the site were all HTTP requests, and so my app thought http://... was the correct URL to use.

But it was not!!!

I added a

proxy_set_header X-FORWARDED-PROTO https; 

and everything was fixed.

tomorrow: maybe stop using devise?

Originally I thought I needed Devise to use the Omniauth gem, but it seems like maybe I don’t (according to this explanation on Railscasts).

And devise seems pretty complicated, so now that I have everything working I’m considering totally removing it and instead just using Omniauth. We’ll see if I feel like doing that or if it’s more fun to add actual features.