Rails - Devise+OmniAuth：如何为暂存版本设置凭据？

Question

在 /config/initializers/devise.rb 我有这样的东西：

  # production
  config.omniauth :facebook, 'aaa', 'bbb',
      :site              => 'https://graph.facebook.com',
      :authorize_path    => '/oauth/authorize',
      :access_token_path => '/oauth/access_token',
      :scope => 'email'

  # staging version
  config.omniauth :facebook, 'ccc', 'ddd',
      :site              => 'https://graph.facebook.com',
      :authorize_path    => '/oauth/authorize',
      :access_token_path => '/oauth/access_token',
      :scope => 'email'

当我将这 2 个代码块放入 devise.rb 文件时，我收到错误消息，提示凭据不正确。

我不知道为 Twitter 和 Facebook 等服务设置 OmniAuth 凭据以进行设计的最佳方法是什么 - 我使用的那个显然不正确。

为应用程序的 localhost、生产和暂存版本设置凭据的最佳方法是什么？

谢谢

Answer 1

您的 localhost 凭据似乎是错误的。我有两个版本的 creditals 用于开发和生产，这里是示例

if Rails.env.development?
    config.omniauth :facebook, "xxx", "yyy"
    config.omniauth :vkontakte, "xxx_loc", "yyy_loc"
else
    config.omniauth :facebook, "zzz", "rrr"
    config.omniauth :vkontakte, 'zzz_loc', 'rrr_loc'
end

在 /config/initializers/devise.rb

Answer 2

case Rails.env
when "production"
    # production version
    config.omniauth :facebook, 'aaa', 'bbb',
            :site              => GRAPH_URL,
            :authorize_path    => '/oauth/authorize',
            :access_token_path => '/oauth/access_token',
            :scope => 'email'
when "staging"
    # staging version
    config.omniauth :facebook, 'ccc', 'ddd',
            :site              => GRAPH_URL,
            :authorize_path    => '/oauth/authorize',
            :access_token_path => '/oauth/access_token',
            :scope => 'email'
else
    # development version
    config.omniauth :facebook, 'eee', 'fff',
            :site              => GRAPH_URL,
            :authorize_path    => '/oauth/authorize',
            :access_token_path => '/oauth/access_token',
            :scope => 'email'
end

Answer 3

处理不同凭据的最佳方法是将它们放入环境变量中，就像omniauth gem doc 所说：

https://github.com/intridea/omniauth#getting-started

Rails.application.config.middleware.use OmniAuth::Builder do
  provider :developer unless Rails.env.production?
  provider :twitter, ENV['TWITTER_KEY'], ENV['TWITTER_SECRET']
end

这种方法有几个优点：

1. 让您的配置变得简单
2. 代码库中没有凭据
3. 它不限制您开发/测试/生产