Which SDK should we use?

[edolix]

How can we help?

Hey there!

I think there are other kind-of related issues like: #31 #34 #30 #20 #12

Looks like on rubygems there are two different SDKs:

1. https://rubygems.org/gems/onesignal
2. https://rubygems.org/gems/onesignal_sdk

onesignal_sdk matches OneSignal::VERSION (2.0.2) but in the installation instructions you mentioned onesignal that is still on 1.0.1.

onesignal-ruby-api/lib/onesignal/version.rb

Lines 13 to 15 in 6a970c4

	module OneSignal
	VERSION = '2.0.2'
	end

The repo is missing the git tag for 2.0.2 so there's a bit of confusion on which SDK should be used.

Thanks!

Code of Conduct

• I agree to follow this project's Code of Conduct

[edolix]

Note: tried to run with onesignal_sdk and i got a NameError: uninitialized constant OneSignal from the initializer.

UPDATE:

require 'onesignal' (not necessary in 1.0.1) at the top solved it

[bmulholland]

On the original issue: Wow yeah didn't even know about the other gem. If that's what we should be installing, that's what the docs should say...

About the require: Bundler will auto-require the lib, if there's a file with a name matching the name of the gem. In the case of onesignal_sdk, there's no matcing file; changing your Gemfile to hint Bundler with the name of the lib to require will remove the need to add the require. Specifically: gem "onesignal_sdk", require: "onesignal"

[edolix]

@bmulholland thanks for the hint!

About the other gem: i can confirm that solved #30 (and i guess it also solve all the others as well)

[bmulholland]

I was about to adopt onesignal_sdk myself, but paused: it's not published by someone clearly attached to OneSignal on RubyGems. Neither is the original, for that matter. How do we know one or both of them is under control of OneSignal? Could one of them be a supply chain attack? Was the new gem published because OneSignal has lost control of the old gem? If so, that speaks to real concerns about who may have control to them, and what may be published there. There's substantial security issues here. Ironically, installing directly from Github may actually be the safest installation method for now.

[edolix]

Maybe @rgomezp or @jkasten2 can help us here?

[jkasten2]

@bmulholland @edolix Thanks for reporting!

• onesignal - https://rubygems.org/gems/onesignal - Is the official OneSignal Ruby gem.
• onesignal_sdk - https://rubygems.org/gems/onesignal_sdk - Is unofficial and is not affiliated with OneSignal. We have reached out to Ruby Gems on this gem, so once resolved, others do not run into this confusion in the future.

onesignal gem

• 1.0.1 - Currently the latest major release
• 2.x.x - This is a beta branch, with OneSignal's User Model API. However it isn't listed available on Ruby Gems, this is something we will investigate why it wasn't published publicly.

Depending on what APIs you need to integrate with you may want to use the OneSignal ruby gem onesignal or use the REST API directly. If you simply want to send notifications onesignal will work well for this. If you need to use User Model APIs you will want to use the REST API directly, as this isn't an official production ready gem for them yet.

[edolix]

Thanks @jkasten2!

If you simply want to send notifications onesignal will work well for this.

That's true only if we don't have to use some fields like #30 or #34

[sherwinski]

Closing this issue as the original question is answered. All other issues regarding gem releases and missing features will be tracked in their respective tickets.