After I have restored the possibility for users to authenticate on my website using their Google accounts, I decided to give a try to the TweetBook plugin for Redmine, which lets authenticate users with their Facebook, Twitter and GitHub accounts. Unfortunately, it appeared to be more complicated, than I expected, and I had to fork and fix this plugin to be able to use it (the original plugin was created by Sandeep Kumar).
Eventually, you can login into my website using your Facebook, Twitter or GitHub account. Also, you can login using you Google account, what was already announced in a separate news.
What should you check, if you can’t login?
My version of the plugin requires the OAuth provider to provide the e-mail address of the user, who attempts to log in. So, if the e-mail address is not available you will get an error.
Here are the possible reasons (the ones, that I’m aware of):
- As I know, Twitter is not going to send your e-mail, if it’s not verified. So, make sure, it is verified.
- If your e-mail is not verified on Facebook or Facebook has failed to send notifications to it, it will be considered to be invalid and, therefore, won’t be sent to my website.
- GitHub allows to mark your e-mail as private. If it is marked this way, Github won’t send it to my website as well. So, unless you change this, you won’t be able to login into my website using your GitHub account.
How did I configure TweetBook?
Here are some steps, that I took to configure the plugin:
To make Twitter send me the e-mail address of the user, that attempts to login, I had to write Privacy policy and Terms of use for my website. These pages are required by Twitter for the app (my website, in this case), that wants to have access to the user’s e-mail address.
But, this did not help… Additionally, the app should explicitly ask for the e-mail in its request and the version of the omniauth-twitter gem, which is used by the official plugin, does not do this. So, I had to change the plugin to require omniauth-twitter 1.2.1 (the version, which starts to do this) or above.
The original plugin crashed, when I tried to login into my website using my Facebook account. This appeared to be caused by a bug in omniauth-facebook, which was fixed in version 3.0.0 of this gem. So, I had to modify the plugin to require this version or above too.
GitHub
GitHub appeared to be the only OAuth provider, that worked fine without any modification in the plugin.
What other changes did I do?
- My fork of the plugin can work under Redmine 2.5.xd – the version, which is currently used by Debian stable.
- It uses the e-mail address as the user’s login name (the original version uses
<nickname>_<uid>
). - My version of the plugin does not (attempt to) show the user’s avatar and which provider the user has used to login near the “Logged as” label (in top right corner of the Redmine interface). A user can use different methods to login (thus, he/she can use his Facebook account or Twitter account or even password) and the removed feature did not consider this.
- My fork imports additional personal data from your Twitter, Facebook or GitHub account to your profile on my website. You can check and modify them (or even remove them), if you want, by going to your profile (My account link in top right menu). In particular, the aforementioned data are:
- Twitter
- The (shortened) URL of your website on Twitter is imported into the Personal website user custom field.
- Your Twitter nickname is imported into the Twitter user custom field. In this way, your profile gets your Twitter page URL.
- Facebook
- Facebook user ID is used as a value of the Facebook user custom field. Using this value the custom field renders URL of your Facebook page.
- GitHub
- You Github nickname is imported into the Github user custom field. This custom field is used to generate the link to your Github profile page.
- The URL of your homepage, which you specified on Github, is used on my website as the value of the Blog user custom field.
- The Company name from your Github profile is used as the value of the Company user custom field.
- Twitter
- My Redmine is configured to require users to activate their account via e-mail. So, when the original plugin was used, users did not get the access to my website right after login due to this – instead they were asked to activate their accounts. Twitter, Facebook and GitHub have their own mechanisms to validate users’ e-mails and do not send them, when they are not validated, so another activation on my website seemed to be redundant. Therefore, I added the option “Skip account activation by email” to my fork of the plugin and enabled this option for my website.
- Finally, I changed the style of sign-in buttons of both TweetBook and OmniAuth Google plugins, so they looked identical.
Comments
Also available in: Atom
Add a comment