Solidus Social

Build Status Code Climate

Core for all social media related functionality for Solidus. The Solidus Social gem handles authorization, account creation and association through social media sources such as Twitter and Facebook. This gem is beta at best and should be treated as such. Features and code base will change rapidly as this is under active development. Use with caution.

Setup for Production

Add this extension to your Gemfile:

gem 'solidus_social'

Then run:

$ bundle && bundle exec rails g solidus_social:install
$ bundle exec rake db:migrate

Preference(optional): By default url will be '/users/auth/:provider'. If you wish to modify the url to: '/member/auth/:provider', '/profile/auth/:provider', or '/auth/:provider' then you can do this accordingly in your config/initializers/spree.rb file as described below -

Spree::SocialConfig[:path_prefix] = 'member' # for /member/auth/:provider
Spree::SocialConfig[:path_prefix] = 'profile' # for /profile/auth/:provider
Spree::SocialConfig[:path_prefix] = '' # for /auth/:provider

Spree Setup to Utilize OAuth Sources

Login as an admin user and navigate to Configuration > Social Authentication Methods

Click on the New Authentication Method button to enter the key obtained from their respective source, (See below for instructions on setting up the various providers).

Multiple key entries can now be entered based on the rails environment. This allows for portability and the lack of need to check in your key to your repository. You also have the ability to enable and disable sources. These setting will be reflected on the client UI as well.

Alternatively you can ship keys as environment variables and create these Authentication Method records on application boot via an initializer. Below is an example for facebook.

# Ensure our environment is bootstrapped with a facebook connect app
if ActiveRecord::Base.connection.table_exists? 'spree_authentication_methods'
  Spree::AuthenticationMethod.where(environment: Rails.env, provider: 'facebook').first_or_create do |auth_method|
    auth_method.api_key = ENV['FACEBOOK_APP_ID']
    auth_method.api_secret = ENV['FACEBOOK_APP_SECRET'] = true

You MUST restart your application after configuring or updating an authentication method.

Setup the Applications at the Respective Sources

OAuth Applications @ Facebook, Twitter and / or Github are supported out of the box but you will need to setup applications are each respective site as follows for public use and for development.

All URLs must be in the form of domain.tld you may add a port as well for development


Facebook / Developers / Apps

  1. Name the app what you will and agree to the terms.
  2. Fill out the capcha
  3. Under the Web Site tab
  4. Site URL: http://your_computer.local:3000 for development / for production
  5. Site domain: your-computer.local / respectively


Twitter / Application Management / Create an application

  1. Name and Description must be filled in with something
  2. Application Website: http://your_computer.local:3000 for development / for production
  3. Application Type: Browser
  4. Callback URL: http://your_computer.local:3000 for development / for production
  5. Default Access Type: Read & Write
  6. Save Application


Github / Applications / Register a new OAuth application

  1. Name The Application
  2. Main URL: http://your_computer.local:3000 for development / for production
  3. Callback URL: http://your_computer.local:3000 for development / for production
  4. Click Create

This does not seem to be a listed Github item right now. To View and / or edit your applications goto


Amazon / App Console / Register a new OAuth application

  1. Register New Application
  2. Name the Application, provide description and URL for Privacy Policy
  3. Click Save
  4. Add Your site under Web Settings > Allowed Return URLs (example: http://localhost:3000/users/auth/amazon/callback)

The app console is available at

Other OAuth sources that are currently supported

  • Google (OAuth)

Adding other OAuth sources

It is easy to add any OAuth source, given there is an OmniAuth strategy gem for it (and if not, you can easily write one by yourself. For instance, if you want to add authorization via LinkedIn, the steps will be:

  1. Add gem "omniauth-linkedin" to your Gemfile, run bundle install.
  2. In an initializer file, e.g. config/initializers/devise.rb, add and init a new provider for SolidusSocial:

    SolidusSocial::OAUTH_PROVIDERS << ['LinkedIn', 'linkedin']
  3. Activate your provider as usual (via initializer or admin interface).

  4. Override spree/users/social view to render OAuth links in preferred way for a new one to be displayed. Or alternatively, include to your CSS a definition for .icon-spree-linkedin-circled and an embedded icon font for LinkedIn from (the way existing icons for Facebook, Twitter, etc are implemented). You can also override CSS classes for other providers, .icon-spree-<provider>-circled, to use different font icons or classic background images, without having to override views.


See corresponding guidelines.

Copyright (c) 2014 John Dyer and contributors, released under the New BSD License