Is there any way to prevent users from accessing /auth/:provider if, say, they are not logged in? I've tried to use before_request_phase callback and Rack::Response to redirect them to sign in page but it haven't worked.
My application is not using omniauth for user authentication. Instead, it is used to connect third-party accounts to the user profile.
Thanks!
Ok, the solution I found was to create a new OmniAuth Strategy which inherits from the one I wanted to use and to override the request_phase method. Could not get the same behaviour using only OmniAuth configs in its initializer.
def request_phase
if env['rack.session']['warden.user.user.key'].present?
super
else
redirect '/'
end
end