Devise and OmniAuth remembering OAuth

Question

So, I just got setup using Rails 3, Devise and OmniAuth via https://github.com/plataformatec/devise/wiki/OmniAuth:-Overview.

I\'m successfully authenticating users v

Answer 1

I agree that you would expect Devise to set a session before the request goes to FB. I guess this is a missing feature of Devise.

I had the problem myself where I used token_authenticatable. An api client was calling the following url directly:

/users/auth/facebook?auth_token=TnMn7pjfADapMdsafOFIHKgJVgrBEbjKqrubwMXUca0n16m3Hzr7CnrP1s4z

Since I was using token_authenticatable i was assuming this would sign in the user. Unfortunately this doesn't work out of the box. What you have to do to get this working is making sure that the user is logged in before it gets to this path. You can do it in other ways, but the easiest way is to give a different url to the API client (in this case "users/connect/facebook". Here is my addition to the routes file that makes it work (assuming you have a user model with devise and you didn't change defaults):

authenticate :user do
  get 'users/connect/:network', :to => redirect("/users/auth/%{network}")
end

This will make sure the session is correctly created so the user is being recognized when he/she returns from facebook.