Feb 18, 2014

Single Sign-on With Rails, WordPress and OAuth2

In this post I will explain how to configure Rails to perform single sign-on authentication using OAuth2, with your hosted WordPress site as the authentication provider.

I’ve worked on a few projects lately that needed to integrate a Rails site with an existing WordPress site in a single sign-on fashion, but without authenticating against a central auth store or using an SSO appliance. It is very easy to turn an existing WordPress installation into an OAuth provider and skip the hassle of maintaining a central authentication store or a conversion effort for users already using your WordPress blog.

Turning WordPress into an OAuth2 Provider

To turn our existing WordPress installation into an OAuth2 provider, we first have to install the WordPress OAuth2 Complete plugin. The official plugin in the WordPress plugins repository is missing some recent enhancements, so I recommend installing from the 1.0.4 release on GitHub: https://github.com/justingreerbbi/wordpress-oauth/archive/1.0.4.zip

General Installation Steps:

  1. Upload oauth2-complete to the /wp-content/plugins/ directory or use WordPress’s built-in plugin installer
  2. Activate the plugin through the ‘Plugins’ menu in WordPress
  3. Click ‘Settings’ and then ‘Permalinks’. Then simply click ‘Save Changes’ to flush the rewrite rules so that the OAuth2 Provider permalinks are generated for the site.
  4. Lastly, you must configure an OAuth2 client, but we will come back to this after we get our Rails app ready to authenticate against our WordPress site.

Authenticating Rails Against the WordPress OAuth Provider

1. Create a new Rails app.

rails new omniauth-wordpress-oauth2-plugin-example . --database=sqlite3 -T

2. Add the devise and omniauth gems to the Gemfile.

3. Run bundle install

bundle install

4. Run the devise install generator and follow the installation instructions it prints.

rails g devise:install

5. Generate the devise user and run migrations

rails g devise user
rails db:migrate

6. Configure your WordPress provider installation

Install the OAuth2 provider plugin for your WordPress site:

https://github.com/jwickard/wordpress-oauth

Create a client entry for your Rails app with the callback key set to:
http://your-rails-site.com/users/auth/wordpress_oauth2/callback

Save the generated key and secret for the next step.

7. Configure Devise / Omniauth provider information

Add the provider to the devise initializer config/initializers/devise.rb

8. Add routes configuration

Update the routes in config/routes.rb to add the omniauth_callbacks controller

9. Create Callbacks Controller

It is easiest to create the class app/controllers/omniauth_callbacks_controller.rb by hand instead of running a generator.

10. Update User Model

Update the user to be omniauthable

Update the User model to find users by OAuth provider data:

Wrapping Up

Now when an authenticated resource is requested on your Rails site, the user will be redirected to the WordPress auth provider to log in. When the user has authenticated, they will be redirected back to your Rails application and your app will receive a hash of user data passed from the authentication source:
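The user lookup from step 10 and the handling of the returned hash, as an added example that is not the original post's code or the demo application's. It assumes the standard OmniAuth auth-hash layout (provider, uid, info, credentials); the helper name find_for_wordpress_oauth, the Struct standing in for the ActiveRecord User model and the sample values are hypothetical.

```ruby
require 'securerandom'

# Stand-in for the Devise User model (assumed columns: provider, uid, email, name).
User = Struct.new(:provider, :uid, :email, :name, :password, keyword_init: true)

# Provider name taken from the callback path /users/auth/wordpress_oauth2/callback.
EXPECTED_PROVIDER = 'wordpress_oauth2'

class OauthLookupError < StandardError; end

# Hypothetical helper: resolve the local user for an OmniAuth auth hash.
# `users` is an in-memory array standing in for the users table.
def find_for_wordpress_oauth(auth, users)
  provider = auth['provider'].to_s
  uid      = auth['uid'].to_s
  raise OauthLookupError, 'unexpected provider' unless provider == EXPECTED_PROVIDER
  raise OauthLookupError, 'missing uid' if uid.empty?

  # Identity is the (provider, uid) pair; email and name are profile data only.
  existing = users.find { |u| u.provider == provider && u.uid == uid }
  return existing if existing

  info  = auth['info'] || {}
  email = info['email'].to_s.strip.downcase
  # Refuse to attach the login to a different account that only shares the email.
  if users.any? { |u| u.email == email }
    raise OauthLookupError, 'email already belongs to another account'
  end

  # SSO-only account: it gets a random password that nobody knows.
  user = User.new(provider: provider, uid: uid, email: email,
                  name: info['name'], password: SecureRandom.hex(32))
  users << user
  user
end

# Constructed sample in the standard OmniAuth auth-hash layout (not captured data).
SAMPLE_AUTH = {
  'provider'    => 'wordpress_oauth2',
  'uid'         => '42',
  'info'        => { 'name' => 'Example User', 'email' => 'Example@Example.com' },
  'credentials' => { 'token' => 'constructed-token' }
}.freeze
```

In a Rails app the same decisions would live in a class method on User, called from the callbacks controller with request.env['omniauth.auth'].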

More Information

Demo Application: https://github.com/jwickard/omniauth-wordpress-oauth2-plugin-example

That’s it!  Thanks!


One thought on “Single Sign-on With Rails, WordPress and OAuth2”

  1. Alok Yadav says:

    Typo near “rails db:migrate”

    it’s “rake db:migrate”

  2. Jonas says:

    Hello ObjectPartners

    I followed your guide and here’s the Devise login page: https://viachat-svom.herokuapp.com/users/sign_in

    However, nothing happens when I try to log in with my WordPress credentials.

    What am I missing?
    Am I not supposed to log in with my WordPress login credentials?

    Thank you
    – Jonas
