Custom OmniAuth Configuration Ruby on Rails

Following this tutorial here.

I'm having an issue finding any information on what I am trying to accomplish.

I currently have my Rails app set up with custom user authentication. Users also have a role string within the database which is used to determine what they see and can do within the application.

    ROLES = %w[non-profit company person]

    def role_symbols
      [role.to_sym]
    end

Within the regular sign up form the user is able to enter name, email address, username, and password. They also have to select their user role.

Signup.html.erb:

    <h3>Choose Account Type</h3>
    <%= f.input :role, :collection => User::ROLES.map { |s| [s.humanize, s] }, required: true, label: false, input_html: { class: 'input-md' } %>

My goal is to have my sign up form with Twitter and Facebook OmniAuth. When they click create account with Twitter or Facebook, I would like the user to be able to select their role. With the current OmniAuth configuration I'm a little confused on how to add a custom selection. Is there any way to make sure a user selects a role before their account is created by linking Twitter or Facebook accounts?

Any help would be amazing, thank you.

There is 1 answer

max On

Let's look at the OAuth flow - in this example we use Facebook but it could be any provider.

  1. The user clicks the login link which points to /auth/facebook.
  2. OmniAuth redirects the user to the auth dialog https://www.facebook.com/dialog/oauth...
  3. The user will be prompted to grant permissions to the app. They can choose to accept or refuse. The user is redirected back to your application.
  4. The return "callback" is handled by your application. Usually this would be at /auth/callbacks/facebook. You get a hash containing the credentials and user info. Exactly what you do with it and how you redirect the user after login is up to you.

If you want the user to provide you additional details you would accomplish this by redirecting the user after signing in. You should however create the user account first and then allow the user to provide additional details. While it's technically possible to stash the credentials somewhere, OAuth is complicated enough on its own so that you don't want to throw in a bunch of extra steps in the auth flow.
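
The approach described in the answer (create the account in the callback, then send the user to a role form), sketched as an added example that is not part of the original answer or of OmniAuth itself. It is plain Ruby with an in-memory store; the paths `/onboarding/role` and `/`, the helper names, and the rule that a role can be chosen only once are assumptions.

```ruby
# Added illustration in plain Ruby; an in-memory hash stands in for the users table.
ROLES = %w[non-profit company person].freeze # role list from the question

User = Struct.new(:provider, :uid, :name, :email, :role) do
  # No role chosen yet means no permissions at all.
  def role_symbols
    role ? [role.to_sym] : []
  end

  def onboarding_complete?
    !role.nil?
  end
end

USERS = {} # keyed by [provider, uid]

# Step 4 of the flow: receives the hash OmniAuth exposes as
# request.env['omniauth.auth'] and creates the account right away, role unset.
def find_or_create_from_omniauth(auth)
  key = [auth.fetch('provider'), auth.fetch('uid')]
  USERS[key] ||= User.new(*key, auth.dig('info', 'name'), auth.dig('info', 'email'), nil)
end

# Redirect target after sign-in (both paths are hypothetical).
def after_sign_in_path(user)
  user.onboarding_complete? ? '/' : '/onboarding/role'
end

# Handler for the follow-up role form. The submitted value is untrusted input,
# so it is checked against ROLES. Assumption: a role can be chosen only once.
def choose_role(user, submitted_role)
  return false if user.onboarding_complete?
  return false unless ROLES.include?(submitted_role)

  user.role = submitted_role
  true
end

# Constructed sample of an OmniAuth auth hash (all values made up).
SAMPLE_AUTH = {
  'provider' => 'facebook', 'uid' => '1234567',
  'info' => { 'name' => 'Sample User', 'email' => 'sample@example.com' }
}.freeze
```

In a Rails app the same checks would sit in the callback action and the role form's controller, with every other action refusing users whose role is still unset.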