implement with oauth2 and octokit gems

app/controllers/application_controller.rb

@@ -7,9 +7,18 @@ def current_user
     @current_user ||= User.find_by(id: session[:user_id])
   end
 
+  def current_user_client
+    @current_user_client ||= Octokit::Client.new(access_token: session[:access_token])
+  end
+
+  def current_user_api_data
+    @current_user_api_data ||= current_user_client.user
+  end
+
   def logged_in?
     current_user.present?
   end
 
-  helper_method :current_user, :logged_in?
+  helper_method :current_user, :current_user_client, 
+                :current_user_api_data, :logged_in?
 end

app/controllers/sessions_controller.rb

@@ -4,26 +4,75 @@ def new
   end
 
   def create
-    # find if any user has that email
-    user = User.find_by(email: params[:email])
-
-    # if that user exists and it has a password that was sent
-    if user && user.authenticate(params[:password])
-
-      # save the user_id in the session hash
-      session[:user_id] = user.id
-
-      # and redirect to that user's home page
-      redirect_to users_path
-    else
-      # the email/password is wrong!
-      @message = "This email and password combination does not exist."
-      render :new
-    end
+    # make the create token request to the identity provider, which returns an
+    # OAuth2::AccessToken instance; take the "token" itself from the object
+    access_token = github_oauth_client.get_token(params[:code], {
+      redirect_uri: redirect_uri
+    }).token
+
+    # store the access token in the current session
+    session[:access_token] = access_token
+
+    # use Octokit to wrap the current user's access token to make simple,
+    # semantic information requests to the GitHub API (see the Application
+    # controller) via current_api_client, which then caches the user data
+    # (the first request) in current_api_user
+    user = log_in_user_with({
+      oauth_uid:    current_user_api_data['id'],
+      name:         current_user_api_data['name'],
+      email:        current_user_api_data['email']
+    })
+
+    # and then redirect to that user's home page
+    redirect_to user_path(user)
   end
 
   def destroy
     session[:user_id] = nil
     redirect_to root_path
   end
+
+  helper_method :code_uri
+
+  private
+
+  # make the redirect work for any port and server, instead of hard-coding it!
+  def redirect_uri
+    @redirect_uri ||= root_url[0..-2] + oauth_callback_path
+  end
+
+  def github_oauth_client
+    @github_oauth_client ||= OAuth2::Client.new(
+      ENV["GITHUB_OAUTH_ID"], 
+      ENV["GITHUB_OAUTH_SECRET"], 
+      site:          'https://github.com',
+      authorize_url: '/login/oauth/authorize',
+      token_url:     '/login/oauth/access_token'
+    ).auth_code
+  end
+
+  def code_uri
+    @code_uri ||= github_oauth_client.authorize_url(
+      :redirect_uri => redirect_uri,
+      :scope => ''
+    )
+  end
+
+  def log_in_user_with(credentials)
+    # find if any user has that oauth_uid
+    user = User.find_or_initialize_by(oauth_uid: credentials[:oauth_uid])
+
+    # if none does, add them to the database
+    if user.new_record?
+      user.name  = credentials[:name]
+      user.email = credentials[:email]
+      user.save
+    end
+
+    # save the user_id and access token in the session hash
+    session[:user_id] = user.id
+
+    # return the user model
+    user
+  end
 end

app/views/sessions/new.html.erb

@@ -3,5 +3,5 @@
     Let's get started. Here is where we will log in to this app using OAuth 2.
 </p>
 <p>
-  <%= link_to 'Log In with GitHub', '', class: "pure-button github button" %>
+  <%= link_to 'Log In with GitHub', code_uri, class: "pure-button github button" %>
 </p>

config/routes.rb

@@ -2,7 +2,8 @@
   resources :users
 
   resource :session, only: [:new, :create, :destroy]
-  get "/logout", to: "sessions#destroy"
+  get "/logout",         to: "sessions#destroy"
+  get "/oauth_callback", to: "sessions#create"
 
   root "sessions#new"
 end