ruby-on-rails ruby-on-rails-3 facebook authentication koala

How do I perform Facebook authentication in Rails?


I've been struggling through Facebook authentication for a canvas app for a while. My approach is as follows:

  1. Check the user's session for an access token.
  2. Check the user's Facebook cookies for an access token.
  3. Check the parameters for a signed_request.

If an access token is found during any of those 3 steps:

  • I make a call to the graph API requesting the /me resource.
    • If the call is successful, the user is logged in.
    • If the call fails (causes an OAuthException), I request a new access token by redirecting the user to the Facebook OAuth endpoint to obtain a code, then obtaining a fresh access token by exchanging that code.

If no access token is found in the session, cookies, or signed_request, I display a landing page.

Is this the correct procedure? I've noticed that oftentimes there is no signed_request present in the parameters if the user's access token has expired. The method Facebook endorses for requesting a fresh access token results in 2 user-facing redirects as well as an API exchange, which seems a bit heavy.

The setup I'm working in is:

  • Rails v3.0.8
  • Koala gem v1.2.1

I've followed these guides:


Solution

  • Have you considered using Omniauth? (https://github.com/intridea/omniauth) It wraps up all this stuff and lets you easily extend to other sites as well.
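
Step 3 of the question's procedure takes an access token from the signed_request parameter. That value arrives from the browser, so its HMAC-SHA256 signature should be checked against the app secret before the token inside is used. The following is an added example, not code from the original post or from Koala; the helper names, the sample secret and the sample payload are constructed for illustration, and the handling of `expires` is an assumption noted in the code.

```ruby
require 'openssl'
require 'base64'
require 'json'

# Decode Facebook's unpadded base64url; raises ArgumentError on bad input.
def base64url_decode(str)
  Base64.urlsafe_decode64(str + '=' * ((4 - str.length % 4) % 4))
end

# Constant-time comparison so the check does not leak how many bytes matched.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Hypothetical helper: returns the payload Hash only if the HMAC-SHA256
# signature over the encoded payload matches the app secret; otherwise nil.
def verify_signed_request(signed_request, app_secret)
  encoded_sig, encoded_payload = signed_request.to_s.split('.', 2)
  return nil if encoded_sig.to_s.empty? || encoded_payload.to_s.empty?
  expected = OpenSSL::HMAC.digest(OpenSSL::Digest.new('SHA256'), app_secret, encoded_payload)
  return nil unless secure_compare(base64url_decode(encoded_sig), expected)
  payload = JSON.parse(base64url_decode(encoded_payload).force_encoding('UTF-8'))
  return nil unless payload.is_a?(Hash) && payload['algorithm'].to_s.upcase == 'HMAC-SHA256'
  payload
rescue ArgumentError, JSON::ParserError
  nil
end

# Token from a verified payload, or nil if absent or past `expires`
# (assumption: `expires` is a Unix timestamp and 0 means no expiry).
def token_from(payload, now = Time.now)
  return nil if payload.nil? || payload['oauth_token'].to_s.empty?
  exp = payload['expires'].to_i
  exp > 0 && exp <= now.to_i ? nil : payload['oauth_token']
end

# Constructed sample input: signs a payload the way the verifier expects.
def build_signed_request(payload, app_secret)
  body = Base64.urlsafe_encode64(payload.to_json).delete('=')
  sig  = OpenSSL::HMAC.digest(OpenSSL::Digest.new('SHA256'), app_secret, body)
  "#{Base64.urlsafe_encode64(sig).delete('=')}.#{body}"
end
```

A `nil` from `verify_signed_request` or `token_from` corresponds to the "no access token found" branch of the procedure, so the session and cookie checks or the landing page apply.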