Customizing authentication
Autotune uses OAuth providers for authentication.
At Vox Media, we use Chorus as the authentication provider. However, it can be set up to use any provider, such as GitHub, Twitter or your organization's authentication system, as long as it is OAuth compliant.
Before implementing new authorization providers, it is important to understand how Autotune authenticates and authorizes users.
Autotune uses OmniAuth to implement OAuth support. For more info on how to integrate new providers into Autotune, read the wiki.
Apart from authentication, the OAuth credentials are also used to authorize users. Autotune supports three roles: superuser, editor and author.
- `superuser`: Super user privilege gives the user full access to everything in Autotune. Only super users can add new blueprints or manage existing ones.
- `editor`: Editors can create projects as well as edit other users' projects.
- `author`: Authors are the lowest privilege role. Authors can create projects. They can see only the projects they created and cannot edit other users' projects.
Autotune uses themes as authorization groups. A user's access can be limited to certain themes.
Adding your own authentication provider is easy with OmniAuth.
Once your Rails app is set up, the initializer for OmniAuth can be found under `/config/initializers/omniauth.rb`. For instance, the following code snippet sets up GitHub as the auth provider for production, while keeping a developer authentication provider for other environments.
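```ruby
# Prefer GitHub in production; use the developer strategy everywhere else.
Rails.configuration.omniauth_preferred_provider = Rails.env.production? ? :github : :developer

Rails.application.config.middleware.use OmniAuth::Builder do
  # The developer strategy accepts any identity without verification,
  # so it is never registered in production.
  provider :developer unless Rails.env.production?
  provider :github, ENV['GITHUB_KEY'], ENV['GITHUB_SECRET']
end
```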
Modify this file as required to customize your providers.
Authorization is done by the `verify_omniauth` function in `/config/initializers/autotune.rb`.
See code here for documentation on how to assign roles.
- To assign global roles (applicable across all themes), return an array with a role symbol. For instance, to make the user a super user, return `[:superuser]`.
- To assign a role to particular themes, return a hash in the following format: `:{role_name} => [{comma separated list of themes}]`. E.g. `:author => [:mynewsorg]` or `:editor => [:mynewsorg, :generic]`.

Make sure you add a theme to `conf.themes` before you provide a role for it.
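
The role formats described above, as an added example that is not Autotune's own code: a stand-alone mapper from an OmniAuth identity to either a global role array or a role-to-themes hash, denying by default. The names `roles_for`, `KNOWN_THEMES`, `SUPERUSERS` and `THEME_GRANTS`, the uids, and the use of `nil` for "no role" are assumptions of this example; how the result is wired into `verify_omniauth` is not shown.

```ruby
# Added example, not Autotune's code. All names and values below are constructed.
KNOWN_THEMES = %i[mynewsorg generic].freeze # stands in for the themes in conf.themes

# Grants are keyed on provider plus the provider's stable uid, not on a
# display name or e-mail address that the account holder can change.
SUPERUSERS = ['github:1001'].freeze
THEME_GRANTS = {
  'github:2002' => { editor: %i[mynewsorg generic] },
  'github:3003' => { author: %i[mynewsorg] }
}.freeze

# auth: the OmniAuth auth hash, reduced here to its 'provider' and 'uid' keys.
# Returns [:superuser], a { role => [themes] } hash, or nil when no role applies
# (nil as the "no access" value is this example's assumption).
def roles_for(auth, known_themes = KNOWN_THEMES)
  provider = auth['provider'].to_s
  uid = auth['uid'].to_s
  return nil if provider.empty? || uid.empty?

  identity = "#{provider}:#{uid}"
  return [:superuser] if SUPERUSERS.include?(identity)

  grant = THEME_GRANTS[identity]
  return nil unless grant

  # Keep only themes that are registered; a grant left with none gives no role.
  scoped = grant.transform_values { |themes| themes & known_themes }
                .reject { |_role, themes| themes.empty? }
  scoped.empty? ? nil : scoped
end
```

Binding the grant to the provider as well as the uid means the same uid arriving through the unauthenticated `:developer` strategy receives no role.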