I have a rails application which uses devise for authentication. when the application sends any notification to the user, then in order to see the notification or messages i provide a link to my rails application which redirects to a login page.
how can i avoid this login process, means i don't want the user to be asked to login by entering email and password, instead whenever the user clicks on that link, then the user should automatically login.
Devise provides sign_in controller helper which allows you to pass authentication programmatically.
sign_in(user)
I have an ruby on rails application that uses devise and omniauth-twitter gem to handle user management and authenication. Users can only login through twitter. I already have the application authenticating, however I would like to allow users to write a tweet; and if they are not logged in, authenticate through twitter then have the tweet they wrote before the authentication post to twitter.
I was wondering what is the best way to go about doing that?
Can I capture a request if a user is not logged in, log them in, then preform the captured request?
Just not sure how to go about doing this.
Thanks.
I am creating a rails app that requires sign up with twitter feature.And my application is based on email marketing service.Various types of email we will send user for the updates.
My concern here is that,twitter does not provide the email ID in response while authenticating a user via twitter API.
And now if I am creating that user in my database and allowing him to sign up by skipping some validation (Like email field is required). Then what should happen in the situation when my application will try to send the email to users.And this twitter user is not having email ID.
It will just skipped.
Is there any proper flow that I can use,so my app will work in correct flow.
Thanks!
Twitter doesn´t give you the email via API.
This works if you are using omniauth-facebook gem for example, but twitter doesn´t offer you the email - you have to create a workaround.
For example ask the user in a second step to fill in his/her email adress.
I have some questions on how Devise and OmniAuth work as I couldn't find any clarification on these one's I'm about to ask. Here I'll use Facebook as an example.
If I wanted users to be able to sign in using only Facebook and not be able to create an account, could I still use Devise? Does it still have a purpose?
If I were to go the Facebook route above, I see in my database it saves a "user" but does that user stay with that same ID or does it delete/change every time they re-sign in and they become "new users"?
What does using OmniAuth only mean for my application? It's basically the same as Devise right? Just going through a third party?
Right now, I created an app with just the omniauth-facebook gem and I'm thinking it's the same as Devise but just does the all the work for me (name, email, location, etc.) as if it was just a replacement.
The reason I ask these questions is because I don't want to end up assigning a user to a resource and it can't find him because it keeps changing the ID of said user because OmniAuth treats it like some type of sessions table (logging in) and not the actual user's table (save columns permanently). I want the the Devise functionality but to simply replace it with Facebook. I hope I'm making sense.
Thanks.
Well, Devise is an user management gem, so it will manage all your user sessions informations, password, password reset, confirmation ....
Everything that is related to registrations and login will be handled by devise.
Now if you want to add omniauth login (Facebook,Twitter,....) you have to use omniauth to take care of the login using any provider like Facebook.
Basically Omniauth allows you to link facebook users to your app users but works perfectly well with Devise.
For example when a user is created using Facebook signup it's created in the User Tables which has both devise and omniauth information. So your user will also be able to login using his email and create a password afterwards.
Facebook provide a unique ID for each user which is stored in your database, so when one user is created with Facebook login it has both an email address to use with Devise and the Facebook ID to use with Omniauth to login.
You can use both together with the same user model and manage how you want to do it.
You can for example let user to create a password after omniauth login so that they can login afterwards with either omniauth or devise.
Or you can also let existing user link their facebook account for future use.
I hope this is clear enough, if you have anymore questions let me know !
https://github.com/plataformatec/devise/wiki/OmniAuth:-Overview
Your user is your user. Omniauth provides an interface to your application which abstracts the whole Oauth protocol logic from you. But it's like this: your user signs in with his facebook account and gets a token. This token is bound to your user in your app, and that's how omniauth identifies him.
No, Omniauth is not the same as devise. Both try to address the same purpose (user authentication on your app), but while devise bundles the whole inner logic of identity provision in your app (creating an account, registering an account, registration emails, recovering an account, managing sessions, signing in, signing out...), Omniauth provides only an interface to link your user account to an authorized third-party account and access its information, and the rest you have to do yourself.
But they can work together (use devise to create accounts local to your app, use omniauth to link those accounts to third-party accounts and (maybe) fill some basic information for the user account based on his third party account, like facebook name, email, photo).
The sessions repository is independent of your users table, so there is no possibility of happening what you stated in the last paragraph.
Suppose user can login using either Facebook Account or OpenId. If user uses Facebook, I would like to put a button like publish on my homepage, else I will not put anything on it. How do I tell which authentication method user is using in OmniAuth?
In your callback method, you can access the request.env["omniauth.auth"]["provider"] varaible to determine if he used Facebook vs. OpenID.