README.md in omniauth-google-oauth2-0.3.0 vs README.md in omniauth-google-oauth2-0.3.1

- old
+ new

@@ -1,5 +1,8 @@ +[![Gem Version](https://badge.fury.io/rb/omniauth-google-oauth2.svg)](https://badge.fury.io/rb/omniauth-google-oauth2) +[![Build Status](https://travis-ci.org/zquestz/omniauth-google-oauth2.png)](https://travis-ci.org/zquestz/omniauth-google-oauth2) + # OmniAuth Google OAuth2 Strategy Strategy to authenticate with Google via OAuth2 in OmniAuth. Get your API key at: https://code.google.com/apis/console/ Note the Client ID and the Client Secret. @@ -20,11 +23,11 @@ ## Google API Setup * Go to 'https://console.developers.google.com' * Select your project. -* Click 'APIs & auth' +* Click 'Enable and manage APIs'. * Make sure "Contacts API" and "Google+ API" are on. * Go to Credentials, then select the "OAuth consent screen" tab on top, and provide an 'EMAIL ADDRESS' and a 'PRODUCT NAME' * Wait 10 minutes for changes to take effect. ## Usage @@ -223,41 +226,54 @@ This flow is immune to replay attacks, and conveys no useful information to a man in the middle. The omniauth-google-oauth2 gem supports this mode of operation out of the box. Implementors simply need to add the appropriate JavaScript to their web page, and they can take advantage of this flow. An example JavaScript snippet follows. ```javascript +// Basic hybrid auth example following the pattern at: +// https://developers.google.com/api-client-library/javascript/features/authentication#Authexample jQuery(function() { return $.ajax({ url: 'https://apis.google.com/js/client:plus.js?onload=gpAsyncInit', dataType: 'script', cache: true }); }); window.gpAsyncInit = function() { + gapi.auth.authorize({ + immediate: true, + response_type: 'code', + cookie_policy: 'single_host_origin', + client_id: 'YOUR_CLIENT_ID', + scope: 'email profile' + }, function(response) { + return; + }); $('.googleplus-login').click(function(e) { e.preventDefault(); gapi.auth.authorize({ - immediate: true, + immediate: false, response_type: 'code', cookie_policy: 'single_host_origin', - client_id: '000000000000.apps.googleusercontent.com', + client_id: 'YOUR_CLIENT_ID', scope: 'email profile' }, function(response) { if (response && !response.error) { - // google authentication succeed, now post data to server and handle data securely - jQuery.ajax({type: 'POST', url: "/auth/google_oauth2/callback", data: response, + // google authentication succeed, now post data to server. + jQuery.ajax({type: 'POST', url: "/auth/google_oauth2/callback", +data: response, success: function(data) { // response from server } }); } else { // google authentication failed } }); }); }; + ``` ### Omniauth state If you'd like to use omniauth state param, you can implement it by yourself using rails csrf token. For example: @@ -282,13 +298,9 @@ ``` # config/initialisers/omniauth.rb OmniAuth.config.full_host = Rails.env.production? ? 'https://domain.com' : 'http://localhost:3000' ``` - -## Build Status -[![Build Status](https://travis-ci.org/zquestz/omniauth-google-oauth2.png)](https://travis-ci.org/zquestz/omniauth-google-oauth2) - ## License Copyright (c) 2015 by Josh Ellithorpe