Thincloud Authentication

A Rails Engine to provide authentication for Thincloud applications.

Download .zip Download .tar.gz View on GitHub


Build Status Code Climate


A Rails Engine to provide authentication for Thincloud applications.


This gem requires Rails 3.2+ and has been tested on the following versions:

  • 3.2

This gem has been tested against the following Ruby versions:

  • MRI 1.9.2
  • MRI 1.9.3
  • JRuby 1.6+ (with JRUBY_OPTS=--1.9)
  • Rubinius 2.0.0dev (with RBXOPT=-X19)

This gem has been tested against the following database versions:

  • MySQL 5.0, 5.5
  • PostgreSQL 9.1, 9.2
  • SQLite 3


Add this line to your application's Gemfile:

gem "thincloud-authentication"
  • Run bundle
  • Copy the migrations and prepare your databases:
$ rake thincloud_authentication:install:migrations db:migrate db:test:prepare
  • Mount the engine in your config/routes.rb file:
mount Thincloud::Authentication::Engine => "/auth", as: "auth_engine"

Using the example above, you may now login or signup at


The following must be true for thincloud-authentication to operate properly:

  • A root_url must be defined in config/routes.rb
  • A User model must exist


The Thincloud::Authentication module accepts a configure block with options to customize the engine behavior.


Set the layout option to customize the layout used by all thincloud-authentication views:

Thincloud::Authentication.configure do |config|
  config.layout = "other"


Set the mailer_sender option to customize the "From" address of the emails sent from the system:

Thincloud::Authentication.configure do |config|
  config.mailer_sender = ""


Set the cookie_options option to customize the options that get passed to the authentication cookies:

Thincloud::Authentication.configure do |config|
  config.cookie_options = { secure: true, domain: :all }

Additional provider strategies

  • Require the omniauth-#{provider} gem before the thincloud-authentication gem in the Gemfile:
gem "omniauth-linkedin"
gem "omniauth-stripe-connect"
gem "thincloud-authentication"
  • Add a key to the providers hash with the name of the strategy, followed by additional options for require, scopes and fields as needed. Additionally, you will need to provide environment variables (prefixed with the provider name), with the consumer_key and consumer_secret values from your OAuth provider.

To enable the LinkedIn and Stripe Connect providers:

  • Provide values for following environment variables:
  • Add the file config/initializers/thincloud_authentication.rb with the following contents:
Thincloud::Authentication.configure do |config|
  config.providers = {
    linkedin: {
      scopes: "r_emailaddress r_basicprofile",
      fields: ["id", "email-address", "first-name", "last-name", "headline",
               "industry", "picture-url", "location", "public-profile-url"]
    stripe_connect: {
      require: "omniauth-stripe-connect",
      scopes: "read_write"

Vanity Routes

If you want to customize the routes (remove the /auth prefix), you may add the following to your config/routes.rb file:

get "signup", to: "thincloud/authentication/registrations#new", as: "signup"
get "login", to: "thincloud/authentication/sessions#new", as: "login"
delete "logout", to: "thincloud/authentication/sessions#destroy", as: "logout"

Using the example above, you will have the following routes locally:

  • signup_url points to "/signup"
  • login_url points to "/login"
  • logout_url points to "/logout" - Make sure to use the delete method to logout.


You can customize the paths used to redirect users after login, logout, registration and email verification by overriding the corresponding methods in your ApplicationController, or specific controllers, as needed.

  • after_login_path is used after the user logs in.
  • after_logout_path is used after the user logs out.
  • after_registration_path is used after the user registers.
  • after_verification_path is used after the user verifies their email.
  • after_password_update_path is used after the user updates their password.

Working with Identities

Thincloud Authentication provides a few service objects to assist with creating and updating Identities:

  •, name: "Test Name", email: "") is used to create a new Identity for a user and send an email with an invitation URL which allows the user to choose a password.
  •, password: "s3kr1tz!", password_confirmation: "s3kr1tz!") is used to update the password for an existing Identity.

Both of the methods above will return true or false.


  • Add multiple, configurable strategy options
  • Add a configuration option to customize the mailers


  1. Fork it
  2. Create your feature branch (git checkout -b my-new-feature)
  3. Commit your changes (git commit -am 'Added some feature')
  4. Push to the branch (git push origin my-new-feature)
  5. Create a Pull Request