OAuth integration basics in Ruby on Rails - Step-by-Step Execution

Concept Flow - OAuth integration basics
User clicks 'Login with Provider'
Redirect to Provider's OAuth page
User grants permission
Provider redirects back with code
App exchanges code for access token
App uses token to get user info
User logged in or registered
This flow shows how a user logs in using OAuth: starting from clicking login, granting permission, and the app getting user info to log them in.
Execution Sample
Ruby on Rails
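# config/routes.rb
#   get '/auth/:provider/callback', to: 'auth#callback'

# app/controllers/auth_controller.rb
class AuthController < ApplicationController
  # OmniAuth middleware has already handled the provider's redirect and put
  # the resulting auth hash in the Rack env before this action runs.
  def callback
    auth = request.env['omniauth.auth']
    user = User.find_or_create_from_auth(auth)  # look up or create the local user
    session[:user_id] = user.id                 # mark this browser session as logged in
    redirect_to root_path
  end
end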
This code handles the OAuth callback in a Rails AuthController, finds or creates the user, saves their ID in session, and redirects home.
Execution Table
| Step | Action | Data/Variable | Result/State Change |
|------|--------|---------------|---------------------|
| 1 | User clicks 'Login with Google' | N/A | Redirect to Google OAuth page |
| 2 | User grants permission | N/A | Google redirects back with code |
| 3 | App receives callback | request.env['omniauth.auth'] | Auth hash with user info received |
| 4 | Find or create user | User.find_or_create_from_auth(auth) | User record found or created |
| 5 | Set session user_id | session[:user_id] = user.id | User logged in in session |
| 6 | Redirect to home | redirect_to root_path | User sees home page logged in |
💡 OAuth flow completes after user is logged in and redirected home
Variable Tracker
| Variable | Start | After Step 3 | After Step 4 | After Step 5 | Final |
|----------|-------|--------------|--------------|--------------|-------|
| auth | nil | {provider: 'google', uid: '123', info: {...}} | {provider: 'google', uid: '123', info: {...}} | {provider: 'google', uid: '123', info: {...}} | {provider: 'google', uid: '123', info: {...}} |
| user | nil | nil | User(id=1, name='Alice') | User(id=1, name='Alice') | User(id=1, name='Alice') |
| session[:user_id] | nil | nil | nil | 1 | 1 |
Key Moments - 3 Insights
Why do we need to exchange the code for an access token?
The code is temporary and can't access user info directly. Exchanging it for a token lets the app securely get the user data that step 4 of the execution_table relies on.
What happens if the user is new and not in our database?
The method User.find_or_create_from_auth creates a new user record with the info from auth, so the app can log them in, as seen in step 4.
Why do we store user.id in session?
Storing user.id in session keeps the user logged in across requests, so the app knows who is logged in, as shown in step 5.
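One way the User.find_or_create_from_auth call from the callback could be written, as an added example that is not code from the original page. It assumes the auth hash has the shape shown in the Variable Tracker; the UserStore class, the InvalidAuth error and the in-memory array are hypothetical stand-ins for an ActiveRecord model so the block runs without Rails.

```ruby
# Added example (not from the original page). A plain Struct and an in-memory
# array stand in for the ActiveRecord User model so this runs without Rails.
User = Struct.new(:id, :provider, :uid, :name, :email)

class UserStore
  class InvalidAuth < StandardError; end

  def initialize
    @users = []
  end

  # Mirrors the page's User.find_or_create_from_auth(auth); returns [user, created].
  # Identity is the (provider, uid) pair: uid is only unique per provider, and
  # email is profile data the provider may not have verified.
  def find_or_create_from_auth(auth)
    raise InvalidAuth, 'no auth hash on callback' unless auth.is_a?(Hash)

    provider = auth[:provider].to_s
    uid      = auth[:uid].to_s
    raise InvalidAuth, 'provider or uid missing' if provider.empty? || uid.empty?

    info = auth[:info].is_a?(Hash) ? auth[:info] : {}
    user = @users.find { |u| u.provider == provider && u.uid == uid }
    return [user, false] if user

    user = User.new(@users.size + 1, provider, uid, info[:name], info[:email])
    @users << user
    [user, true]
  end
end

# Constructed sample auth hashes, shaped like the Variable Tracker's example.
GOOGLE_ALICE = { provider: 'google', uid: '123',
                 info: { name: 'Alice', email: 'alice@example.com' } }.freeze
# Same uid and email, different provider: must NOT resolve to Alice's account.
OTHER_IDP    = { provider: 'other', uid: '123',
                 info: { name: 'Mallory', email: 'alice@example.com' } }.freeze

if __FILE__ == $PROGRAM_NAME
  store = UserStore.new
  p store.find_or_create_from_auth(GOOGLE_ALICE)  # created
  p store.find_or_create_from_auth(GOOGLE_ALICE)  # found, same record
  p store.find_or_create_from_auth(OTHER_IDP)     # separate record
end
```

In a real model the same rule is enforced with a unique index on (provider, uid). The controller should rescue the error and send the user back to the login page instead of setting session[:user_id].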
Visual Quiz - 3 Questions
Test your understanding
Look at the execution_table, what variable holds the user info returned by the provider at step 3?
A. session[:user_id]
B. auth
C. user
D. request.env
💡 Hint
Check the 'Data/Variable' column at step 3 in execution_table
At which step does the app save the user ID in the session?
A. Step 5
B. Step 4
C. Step 3
D. Step 6
💡 Hint
Look at the 'Action' and 'Result/State Change' columns in execution_table
If the user denies permission on the provider page, what would happen in this flow?
A. App receives auth hash and logs user in
B. User is created anyway
C. App never receives callback with code
D. Session user_id is set to nil
💡 Hint
Think about step 2 and what happens if permission is not granted
Concept Snapshot
OAuth integration basics in Rails:
- User clicks login, redirected to provider
- Provider returns code after permission
- App exchanges code for access token
- App gets user info, finds or creates user
- User ID saved in session to keep login
- Redirect user to home page logged in
Full Transcript
This visual execution shows how OAuth integration works in a Rails app. The user starts by clicking a login button, which sends them to the provider's OAuth page. After granting permission, the provider redirects back with a code. The app receives this code in the callback route, exchanges it for an access token, and uses that token to get user info. Then the app finds or creates a user record and saves the user's ID in the session to keep them logged in. Finally, the user is redirected to the home page. Key points include exchanging the code for a token to securely get user data, creating a user if new, and storing user ID in session for login persistence.