Login with Facebook Discussion
Andrew Porter
Thanks for the video—it was great! I would love to see how you'd approach managing multiple OmniAuth strategies for a single user without Devise.…
Rama Astadipati
Thanks for the awesome tutorial.
In fb oauth, we are given an email address. But some platforms does not give an email address.
What is the best way to handle this case? I am trying to redirect a page where user can put their email address and save it. Could you please give me a guideline for this?
That would make for a good episode. I'll add this to my list. Luckily most of them, even Twitter, now provide email address.
The rough idea is that you should save the omniauth auth info to a cookie, and then redirect the user to set their email and save it all together.
Dan Frenette
So I followed the tutorial to the letter but kept getting this error when trying to authenticate:
`Could not authenticate you from Facebook because "Invalid credentials".`
Of course everything was copy pasted directly from the facebook developer screen so the credentials were correct. 45 minutes deep into stack overflow and I discovered that pasting this into my devise.rb (as a parameter after the app secret, before the scope) made things work.
`token_params: { parse: :json }`
Hope this helps anyone who's stuck, or maybe someone can tell me what I did wrong
Also fantastic episode Chris! Couldn't have gotten this far without this!
If we have an existing user in our application and he would like to login through Facebook having the same email address then this code breaks as the user was already exists with same email address in our Users table .
You can visit your Facebook account's connected apps and revoke it each time if you want to fully reset the OAuth process so you get the approve permissions step each time.
Does that make sense? The last time I worked with Facebook pages was quite a few years ago.
With more and more concerns over the security and usage of user data at Facebook, does anyone have second thoughts about providing Facebook as an option?
I try to never use OAuth to login unless it's something that'll need access to that account (like a deployment tool that needs access to Github, might as well login to the app with Github then). It makes perfect sense in this case.
The thing I don't like is using social login on a website, you can't use the app anymore if you stopped using the social site. That's crappy and with lastpass, etc it's real easy to just generate passwords and login with email anymore. And phones are getting better about this too, but they still lag behind a bit.
Mailchimp has a great post on social logins that has since been taken down it seems: https://web.archive.org/web/20180820002438/https://blog.mailchimp.com/social-login-buttons-arent-worth-it/
That's a very interesting article, and also the one referenced within in. I hadn't thought too much about it making sites look like the side of a Nascar. Either way, I think I'll leave it out of my sign_up process for the time being.
Hi Chris, is there a way to implement a "remember me" for facebook login? My users are having to sign in with facebook every time they open the app. Thanks.
Hey Olivia! You might be able to add this to the User model so that they're always marked as "remember me" to extend the logins for as long as possible.
class User
def remember_me
true
end
end
You can also configure Devise to have a longer cookie expiration which may help.
Hi Chris - I am trying to integrate facebook and LinkedIn login on Jumpstart Pro app. Do you recommend I follow this video to do so (e.g. add the OmniauthCallbacksController, etc.) to get it working?
I actually see that you already have an OmniauthCallbacksController file, so I guess I could fill that out similar to the source code here?
Never mind. I figured out! Everyone should purchase Jumpstart Pro!!!! So easy to use.
Hah, you beat me to answering it. I was going to say, we made it so that by default any omniauth libraries you add will be automatically handled by the callbacks controller so there's nothing to do unless you want to extend the integration.
So I am assuming LinkedIn omniauth is not as easy to integrate as the others, so that's why you skipped?
There are easily like 100+ OAuth providers so we just have a few of the most popular ones built-in and made it easy for you to add any of the other available ones.
Hey Chris,
How dose one go ahead an configure development to force ssl? Facebook requires https now and there is now way (that i have found) in their dashboard to link to anything http?
Hi, i have an issue trying to login with subdomain in localhost. Facebook not allow anymore http redirects and doesn´t support wilcard. What could i do for test ?. By the way, thanks always for your job Chris.
Try using ngrok to expose your localhost to the internet. That will give you a public domain and SSL.