Search code examples
ruby-on-railsdeviseruby-on-rails-5omniauth-facebook

Devise Omniauth-Facebook rememberable

Problem

I have Devise Omniauth-Facebook authentication. The log in with facebook works, but the Session is lost when the user goes to localhost:3000. I have the following GEMs:

Devise 4.2.0
Rails 5
omniauth 1.4.0
omniauth-facebook 4.0.0
omniauth-oauth2 1.4.0

Description

The Session works correctly for users not authenticated with Omniauth-Facebook,

This is my devise.rb omniauth-facebook settings:

config.omniauth :facebook, "APP_ID", "APP_SECRET", callback_url: "http://127.0.0.1:3000/users/auth/facebook/callback", scope: 'public_profile, email', image_size: 'large', provider_ignores_state: true

I already tried the following solution that did not work:

  1. turning off protect_from_forgery
  2. OmniAuth.config.full_host = "http://127.0.0.1:3000"
  3. Following the accepted solution of Jeroen van Dijk at the following post: Devise and OmniAuth remembering OAuth For this solution, in my rake routes I do not have the path user_oauth_connect_path, even if I added the route in routes.rb. I also think this is not the solution to my problem because I have Devise 4.2.0 and Rails 5
  4. @user.remember_me = true

All the previous solutions were taken from the following stackoverflow discussions:

Omniauth+Facebook lost session

Devise and OmniAuth remembering OAuth

The code is the standard one included in the guides from github of Devise and omniauth-facebook Thanks a lot for your help Fabrizio Bertoglio

Solution

  • Maybe this is the solution to my problem? Facebook login right now works and If the session is not stored, the user can login back again without problems. I did not have any more experiences about losing the session so I am not taking so much interest in this issue.

    Notice that Devise's RegistrationsController by default calls User.new_with_session before building a resource. This means that, if we need to copy data from session whenever a user is initialized before sign up, we just need to implement new_with_session in our model. Here is an example that copies the facebook email if available:

    class User < ApplicationRecord
  def self.new_with_session(params, session)
    super.tap do |user|
      if data = session["devise.facebook_data"] && session["devise.facebook_data"]["extra"]["raw_info"]
        user.email = data["email"] if user.email.blank?
      end
    end
  end
end

    Finally, if you want to allow your users to cancel sign up with Facebook, you can redirect them to cancel_user_registration_path. This will remove all session data starting with devise. and the new_with_session hook above will no longer be called.

    Omniauth Facebook Gihub page