问题
I have Devise and Devise-JWT configured and working for a React single page application using good old email and password. Now, I'd like my users to be able to log in using Facebook/Google/Twitter, etc. Is Omniauth the way to go?
I have Omniauth sort of working with the Developer strategy and I wrote a method that generates the bearer token (I think):
class Users::OmniauthCallbacksController < Devise::OmniauthCallbacksController
def developer
@user = User.from_omniauth(request.env["omniauth.auth"], current_tenant)
if @user.persisted?
sign_in @user, event: :authentication #this will throw if @user is not activated
token = Warden::JWTAuth::UserEncoder.new.call(@user, :user, nil).to_s
redirect_to # Now what?
I'm unsure about what would be the next step, passing the token to the frontend as a URL parameter? That feels kinda risky security-wise, isn't it? This leads me to believe that maybe I'm pushing in the wrong direction here. Am I? How should this be done?
来源:https://stackoverflow.com/questions/60572711/is-it-possible-to-use-omniauth-with-devise-jwt