问题
Problem
I have Devise Omniauth-Facebook authentication. The log in with facebook works, but the Session is lost when the user goes to localhost:3000.
I have the following GEMs:
Devise 4.2.0
Rails 5
omniauth 1.4.0
omniauth-facebook 4.0.0
omniauth-oauth2 1.4.0
Description
The Session works correctly for users not authenticated with Omniauth-Facebook,
This is my devise.rb omniauth-facebook settings:
config.omniauth :facebook, "APP_ID", "APP_SECRET", callback_url: "http://127.0.0.1:3000/users/auth/facebook/callback", scope: 'public_profile, email', image_size: 'large', provider_ignores_state: true
I already tried the following solution that did not work:
- turning off protect_from_forgery
- OmniAuth.config.full_host = "http://127.0.0.1:3000"
- Following the accepted solution of Jeroen van Dijk at the following post:
Devise and OmniAuth remembering OAuth
For this solution, in my rake routes I do not have the path
user_oauth_connect_path, even if I added the route inroutes.rb. I also think this is not the solution to my problem because I have Devise 4.2.0 and Rails 5 - @user.remember_me = true
All the previous solutions were taken from the following stackoverflow discussions:
Omniauth+Facebook lost session
Devise and OmniAuth remembering OAuth
The code is the standard one included in the guides from github of Devise and omniauth-facebook Thanks a lot for your help Fabrizio Bertoglio
回答1:
Maybe this is the solution to my problem? Facebook login right now works and If the session is not stored, the user can login back again without problems. I did not have any more experiences about losing the session so I am not taking so much interest in this issue.
Notice that Devise's RegistrationsController by default calls User.new_with_session before building a resource. This means that, if we need to copy data from session whenever a user is initialized before sign up, we just need to implement new_with_session in our model. Here is an example that copies the facebook email if available:
class User < ApplicationRecord
def self.new_with_session(params, session)
super.tap do |user|
if data = session["devise.facebook_data"] && session["devise.facebook_data"]["extra"]["raw_info"]
user.email = data["email"] if user.email.blank?
end
end
end
end
Finally, if you want to allow your users to cancel sign up with Facebook, you can redirect them to cancel_user_registration_path. This will remove all session data starting with devise. and the new_with_session hook above will no longer be called.
Omniauth Facebook Gihub page
来源:https://stackoverflow.com/questions/42280622/devise-omniauth-facebook-rememberable