Chromebook OpenVPN

I recently got a new job and had the pleasure/torture of being assigned a Chromebook and needing to get it onto the VPN. This is easy on a Mac, which everybody else has, but since the ChromeOS is so lightweight, it was more challenging. I eventually got it to work though, so here are my directions!

If you don’t already, you’ll need some text editor (not Google Docs) and I had good luck with Caret and you’ll need some sort of sftp system and a shell.  I also recommend using developer mode for the Chromebook, as it makes for a lot less hassle long term.  You can also dual boot into linux, but I don’t do that as ChromeOS in developer mode has been enough for me to be pretty happy!

Network

First, have a read on Errietta’s blog and get an idea on how this will work.  I tried her directions and they weren’t entirely sufficient, but I got 90% there.
First go into your OpenVPN directory and build a key:
./build-key client1my

which will build a key and a certificate (.key and .crt) but they will be generated in the directory that the file vars specifies. I had to run:

openssl pkcs12 -export -in client1.crt -inkey client1.key -certfile ca.crt -name MyClient -out client.p12

Go into your openvpn/ccd directory and copy the most recent file . Don’t forget to increment both IPs in the file by 1 (so you don’t have conflicts later on!)

You should now have a client.p12 file.  Share this with the Chromebook in Google Docs.

 

On the Chromebook

Navigate to chrome://settings/certificates (in the browser) and in the Authorities tab, click ‘Import’ and select the ca.crt file (in the ‘shared with you’ section of Google Docs!)  You will be asked if you want to trust the ca, click on ‘trust this certificate for identifying websites’ and leave the rest blank.

Now navigate to chrome://settings/certificates and click on “your certificates” and then “import and bind to device” (NOTE: NOT JUST IMPORT, IT MUST BE IMPORT AND BIND TO DEVICE) and select the .p12 file from earlier.  You should see your (hardware-backed) by the certificate name.

ONC File

First, make your .onc file, as can be seen here: https://github.com/syedaali/configs/blob/master/openvpn-sample.onc and you will need to upload it.  In a browser tab, open chrome://net-internals and along the left side of the page, click on “ChromeOS” then click on the “choose file” button in the line “Import ONC File”

DO NOT PANIC IF NOTHING HAPPENS!  (I panicked and it was unnecessary!)

After a few short moments, the name you gave your network name should appear in the OpenVPN/L2TP screen (click on the wifi icon near your profile icon in the lower right corner of the Chromebook screen, click on VPN, and the file with your name on it should appear there!)

Fill in your password and leave OTC and group name blank.

 

Congrats, you’re all done!

Facebook User Authentication Using OmniAuth

Introduction

OmniAuth is a Ruby on Rails library that provides standardized multi-provider authentication for web applications.  It makes login easy for user by allowing them to  use usernames and passwords from other websites to log into your app.  OmniAuth works on a number of providers, such as Amazon, Github, and Facebook.  A full list of provider strategies can be viewed here: https://github.com/omniauth/omniauth/wiki/List-of-Strategies

Each strategy is released as its own ruby gem and all of them can be found on RubyGems.

👍🏽OmniAuth works with Ruby web projects, so you will need to have either Sinatra or Rails installed in your project before beginning👍🏽

For the purposes of this guide, we will be looking specifically at the Facebook strategy for OmniAuth Facebook log in, as it is one of the more popular and also one of the more complex user authentication processes.  We will also be focusing on Rails, but most of the information will be the same or translatable for Sinatra projects.

😺NOTE: In code examples, things that say YOUR_APP, YOUR-APP, or YOUR_FACEBOOK_APP_ID (and the like) will need to be replaced with whatever your app is called (the directory name, most likely) or your Facebook App ID.  If things aren’t working, be sure to check those!😺

Installing

First you will need to add the following line to your Gemfile

gem ‘omniauth-facebook’

Any additional OmniAuth strategies will need to be added individually.  Be sure that you install it after the Rails or Sinatra gem in your Gemfile.  After you have entered the gem, run bundle install the the terminal (in your app’s directory!)

The database now needs to be migrated as well as letting Rails know what information will need to be required, which we will accomplish by the following command in the terminal (again in your app’s directory):

rails g migration AddOmniauthToUsers provider:string uid:string

Then you will need to migrate the database, which can be done in Rails by this command in the terminal:

rake db:migrate

Get Facebook Information

Next you will need to register your app with Facebook and get log in credentials.  Go to https://developers.facebook.com/ and click on “Add A New App” in the dropdown in the upper right corner of the page.  Enter the name you wish to display on your app, a contact email, and select a category that best fits what your app does.

Click on Settings on the left side of the page and here you will see your App ID and  App Secret key.

screen-shot-2016-11-17-at-8-00-42-am

For my project, I used a localhost alternative, lvh.me.  lvh.me is a domain that is set up to point to 127.0.0.1, which is localhost.   This made the Facebook callbacks easier to work with and I highly recommend using it, but if you prefer trying localhost directly, that’s up to you!

Add your app’s domain name in App Domains.  I’ll be using lvh.me, followed by the port number.  Click on ‘Add Platform’ at the bottom of the page and select ‘Website’ followed by entering your Site URL.  The Site URL and the App Domain will need to match.

In the root directory of your Rails project find (or if you don’t have it yet, create) a .env file.   On a new line add FACEBOOK_APP_SECRET=YOUR_APP_SECRET replacing YOUR_APP_SECRET with your App Secret key. There are no spaces and no quotation marks, brackets, or braces.

 You will now use the OmniAuth::Builder Rack middleware to build the list of strategies and what needs your app has for the use authentication in config/initializers/omniauth.rb:

Replace 'YOUR_FACEBOOK_APP_ID' with the App ID on your Facebook Developer dashboard and keep the single quote marks intact.

👍🏽Your App Secret key should remain private, so if you are using a public Git service, such as Github, remember to add your .env file to .gitignore.  👍🏽

 

Adding CoffeeScript

One other file that will need to be added, if you don’t already have it, is a app/assets/javascripts/facebook.js.coffee

Add the following to that file:

 

 

This adds callback information to our app so that we send the right information to Facebook’s API and return the information given to us in a manner that we can work with.   It also separates the JavaScript code from the rest of our code, which makes everything easier to read.

 

Integrating OmniAuth Facebook Into Application

OmniAuth was intentionally designed to be extremely agnostic as far as what providers you use and what information you can get from those providers.  In the Facebook API we can get several different pieces of information from the user’s profile.

Option Keywords Default Value Description
callback_url/ callback_path If you wish to have a server-side flow, you can specify a custom callback URL. This should be specified in your Facebook app configuration (in ‘Advanced’ settings)
display page How the authentication page shows up to the user. https://developers.facebook.com/docs/reference/dialogs/oauth/
image_size square Displaying user profile image. https://developers.facebook.com/docs/graph-api/reference/user/picture/
locale Specify which location should be used when acquiring user information. https://developers.facebook.com/docs/internationalization/
scope email A list of permissions that you may request from the user. https://developers.facebook.com/docs/reference/login/
secure_image_url false If you set this to true the user profile image url will be returned in the auth hash

 

As an example, if you wanted to get a user’s home town you would put in the same config/initializers/omniauth.rb:

 

 

Any additional requests can be added below as a separate line in the same middleware.

Logging

In the same config/initializers/omniauth.rb, we will add a logger at the top of the file:

OmniAuth.config.logger = Rails.logger

This will allow us to view the logs of OmniAuth communicating between the app and the Facebook Graph API.

Using OmniAuth

One way to utilize OmniAuth is by linking it in a button to ask users to log in:

 

 

Which gives us a button that looks like this, with some styling:

screen-shot-2016-11-19-at-11-27-39-am

 

Trying It Out

Try clicking the button or link to log into the site.   The first time I tried this, I got this error:

 

screen-shot-2016-11-19-at-5-06-54-pm

 

This error was solved by entering the correct site on the Facebook Developers and making sure the Facebook Login Settings are set correctly:

 

screen-shot-2016-11-19-at-10-15-31-pm

screen-shot-2016-11-19-at-5-44-08-pm

 

👍🏽Remember to restart your Rails server if nothing else is working!👍🏽

 

Conclusion

By now you should be able to log into your site using the Facebook OmniAuth gem.  OmniAuth is an easy way to use the Facebook API in Ruby web applications.

 

More information about OmniAuth and the Facebook API can be viewed at:

The Github page for OmniAuth-Facebook: https://github.com/mkdynamic/omniauth-facebook

Using the Facebook JavaScript SDK: https://coderwall.com/p/jwcrpq/facebook-javascript-sdk-with-coffeescript

Using the Facebook API: https://developers.facebook.com/