All threads / Login with Facebook Discussion
Ask A Question


You’re not receiving notifications from this thread.

Login with Facebook Discussion

Discussion for Login with Facebook
Andrew Porter ·

Thanks for the video—it was great! I would love to see how you'd approach managing multiple OmniAuth strategies for a single user without Devise.…

Rama Astadipati ·

Resource link replay video.
Thanks for great tutorial.

Wow, awesome episode Chris, very useful as always.

Thanks for the awesome tutorial.
In fb oauth, we are given an email address. But some platforms does not give an email address.
What is the best way to handle this case? I am trying to redirect a page where user can put their email address and save it. Could you please give me a guideline for this?

That would make for a good episode. I'll add this to my list. Luckily most of them, even Twitter, now provide email address.

The rough idea is that you should save the omniauth auth info to a cookie, and then redirect the user to set their email and save it all together.

Dan Frenette ·

So I followed the tutorial to the letter but kept getting this error when trying to authenticate:

`Could not authenticate you from Facebook because "Invalid credentials".`

Of course everything was copy pasted directly from the facebook developer screen so the credentials were correct. 45 minutes deep into stack overflow and I discovered that pasting this into my devise.rb (as a parameter after the app secret, before the scope) made things work.

`token_params: { parse: :json }`

Hope this helps anyone who's stuck, or maybe someone can tell me what I did wrong

Also fantastic episode Chris! Couldn't have gotten this far without this!

If we have an existing user in our application and he would like to login through Facebook having the same email address then this code breaks as the user was already exists with same email address in our Users table .

I have been enjoying learning this series. I noticed when I log out of devise and create a new devise account and then go connect the facebook it auto logs me in with the old session from the other user. Is there a way to allow some sort of session destroy or whats the best direction for this? Thanks 
You can't control the Facebook session (because that would be insecure), but you probably are thinking about this as a developer for testing purposes rather than a user. They'll only have one Facebook account, so when they approve your app, there is no reason to approve it a second time. For you testing, it feels weird, but that's exactly how you'd want it to work for your users.

You can visit your Facebook account's connected apps and revoke it each time if you want to fully reset the OAuth process so you get the approve permissions step each time.
My users are authenticating to access pages they manage. So I'm concerned if they connect a facebook account then realize the pages they need are in a different account. So I was thinking they could do some sort of disconnect. so they could attach a different facebook account. 
Ah okay, that makes sense. I think you always still authenticate as a Facebook user, and give access to your pages. So you should have API access to the user to get their pages and then let them choose and you'd just save that choice in your db. To let them remove it and choose again, you'd clear that record from your db, and then present them with the list of pages they manage from the API and save their choice.

Does that make sense? The last time I worked with Facebook pages was quite a few years ago. 
Yes. I'm successfully handing the pages as you mentioned. I'm sorry I don't think I was very clear before.  The user creates an account with Devise... in that account they "Connect" facebook. That gives access to pages they manage....... but what if they realize when no pages load that they connected the wrong facebook account... and therefore want to back track and disconnect that facebook account and attach a completely different one to the same devise user? 
Yeah, unfortunately there's no real action you can take there. It will automatically use their logged in account if it has been previously authorized. The only thing you can do is give them instructions on how to revoke the app on Facebook or tell them to log out. Only Twitter has an option for OAuth to force the user to login that I'm aware of. This is one of the big downsides to OAuth right now that should really be fixed and standardized.

With more and more concerns over the security and usage of user data at Facebook, does anyone have second thoughts about providing Facebook as an option?

I try to never use OAuth to login unless it's something that'll need access to that account (like a deployment tool that needs access to Github, might as well login to the app with Github then). It makes perfect sense in this case.

The thing I don't like is using social login on a website, you can't use the app anymore if you stopped using the social site. That's crappy and with lastpass, etc it's real easy to just generate passwords and login with email anymore. And phones are getting better about this too, but they still lag behind a bit.

Mailchimp has a great post on social logins that has since been taken down it seems:

That's a very interesting article, and also the one referenced within in. I hadn't thought too much about it making sites look like the side of a Nascar. Either way, I think I'll leave it out of my sign_up process for the time being.

Hi Chris, is there a way to implement a "remember me" for facebook login? My users are having to sign in with facebook every time they open the app. Thanks.

Hey Olivia! You might be able to add this to the User model so that they're always marked as "remember me" to extend the logins for as long as possible.

class User
  def remember_me

You can also configure Devise to have a longer cookie expiration which may help.

Hi Chris - I am trying to integrate facebook and LinkedIn login on Jumpstart Pro app. Do you recommend I follow this video to do so (e.g. add the OmniauthCallbacksController, etc.) to get it working?

I actually see that you already have an OmniauthCallbacksController file, so I guess I could fill that out similar to the source code here?

Never mind. I figured out! Everyone should purchase Jumpstart Pro!!!! So easy to use.

Hah, you beat me to answering it. I was going to say, we made it so that by default any omniauth libraries you add will be automatically handled by the callbacks controller so there's nothing to do unless you want to extend the integration.

So I am assuming LinkedIn omniauth is not as easy to integrate as the others, so that's why you skipped?

There are easily like 100+ OAuth providers so we just have a few of the most popular ones built-in and made it easy for you to add any of the other available ones.

How different would this approach be when using Rails as an API?

Hey Chris,

How dose one go ahead an configure development to force ssl? Facebook requires https now and there is now way (that i have found) in their dashboard to link to anything http?

Bless your cotton socks Chris. I don't know what we would do with out you.

Hi, i have an issue trying to login with subdomain in localhost. Facebook not allow anymore http redirects and doesn´t support wilcard. What could i do for test ?. By the way, thanks always for your job Chris.

Try using ngrok to expose your localhost to the internet. That will give you a public domain and SSL.

Join the discussion

Want to stay up-to-date with Ruby on Rails?

Join 70,078+ developers who get early access to new tutorials, screencasts, articles, and more.

    We care about the protection of your data. Read our Privacy Policy.

    logo Created with Sketch.

    Screencast tutorials to help you learn Ruby on Rails, Javascript, Hotwire, Turbo, Stimulus.js, PostgreSQL, MySQL, Ubuntu, and more. Icons by Icons8

    © 2023 GoRails, LLC. All rights reserved.