Add this line to your application's Gemfile:
gem 'omniauth-figma-oauth2'
gem 'omniauth-rails_csrf_protection'
And then execute:
$ bundle
Or install it yourself as:
$ gem install omniauth-figma-oauth2
Register your application with Figma to receive your Client ID and Secret key: https://www.figma.com/developers/apps
This is an example that you might put into a Rails initializer at config/initializers/omniauth.rb:
Rails.application.config.middleware.use OmniAuth::Builder do
provider :figma, ENV['CLIENT_ID'], ENV['CLIENT_SECRET']
endYou can now access the OmniAuth Figma OAuth2 URL: /auth/figma.
Make sure that all links to /auth/figma use POST requests. For example:
link_to 'Sign in via Figma', '/auth/figma', method: :post
# or
button_to 'Sign in via Figma', '/auth/figma'For more info check: https://github.com/omniauth/omniauth/wiki/Resolving-CVE-2015-9284
Here's an example Auth Hash available in request.env['omniauth.auth']:
{
provider: 'figma',
uid: '510245748683192988',
info: {
email: '[email protected]',
name: 'John',
image: 'https://s3-alpha.figma.com/static/user_j.png',
},
credentials: {
access_token: '<TOKEN>',
expires_in: '<EXPIRATION (in seconds)>',
refresh_token: 'refresh_token'
}
}Bug reports and pull requests are welcome on GitHub at https://github.com/phiele/omniauth-figma-oauth2.
The gem is available as open source under the terms of the MIT License.