I'm using devise to authenticate users with facebook, and I'm trying to set up handling of facebook deauthorizations.
I have a user model with an attribute called authorized
, which gets updated when the facebook callback for the deauthorization occurs. All of that works.
I want to subclass the warden strategy to include checking of the user's authorization state, but I can't figure out which warden strategy to subclass.
If I remove all of the other authentication options provided by devise, and just use
devise :omniauthable, omniauth_providers: [ :facebook ]
there are no warden strategies defined when I run Warden::Strategies.send(:_strategies)
.
Which warden strategy should I be subclassing to get omniauth behavior?
I don't think there's a specific strategy for omniauth. I can't see one anyway. However, if you want to check the attribute on each request (e.g. they de-authorise your app whilst logged in to it), then you should instead override active_for_authentication?
in your User model. This is called as part of the check for each request by the Warden hook code in lib/devise/hooks/activatable.rb
. Don't forget to call super
and also implement an inactive message if you want. See the doc:
http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/Authenticatable