I've got omniauth Facebook working and I'd like to implement age verification so that minors can't join.
I have decided to ask users for their date of birth before I show them the signup page.
If the user provides a valid date of birth and chooses to join with Facebook, then I would like to send that date of birth over to Facebook and have it returned along with the user when authentication is complete, so that I can use it when creating their account.
Do that make sense? Is it possible to tell omniauth that I have a bunch of attributes gathered earlier, and I'd need you to send them back to me so I don't lose them and have to ask the user for their date of birth twice?
Failing that, what can I do besides ask for the date of birth again?
You can ask facebook to pass the "birthday" of the user but for that you'll need to ask for that scope on your oauth flow, by requesting "user_birthday" scope. Then you'll need to issue a new request to fetch that.
So after the oauth flow you should have a token, scoped for user_birthday.
With that token you can construct the following URI:
https://graph.facebook.com/v2.4/me?fields=birthday&access_token=THE_TOKEN_RECEIVED_THROUGH_OMNIAUTH
And use Net::HTTP to get that resource (or whatever library you want). If your access token grants access to the birthday scope you'll get a json response that you'll need to parse so you can read the value.
You'll also need to take care of the situation in which the user might reject to give you permission to the birthday scope (say they thought you could use that to verify their age - since you asked for it earlier it's an easy to make deduction... and they deny you access to it over facebook because they're not the age you required), by either halting the registration, proceeding, or whatever you deem appropriate. Also remember that the user might not have the birthday set on facebook.
If you just want to keep track of the birthday the user input in the first place, just store it in the session[:user_birthday] or something.