5

I can use devise with omniauth (oauth NOT openid) and a devise.rb config like this:

config.omniauth :google, KEY, SECRET

and it correctly does the redirection to google to ask permission (and returns)...

but unfortunately it always does that. It should (I believe) know that I just authorized permissions to use google and should skip that redirection to google after the first time. Any suggestions on how to get this working?

The permissioning I'm talking about is: "The site blah.com is requesting access to your Google Account for the product(s) listed below". I don't want this page to always reappear.

6 Answers

1

You need to implement callbacks yourself - neither Devise nor Omniauth provide these for you by default. It will take care of sending the user to your OAuth endpoint and make sure he returns, but it will not consume the information that was sent and/or log the user in.

It's up to you to do these things.

Devise has a wiki page on creating a simple callback controller: https://github.com/plataformatec/devise/wiki/OmniAuth:-Overview

Ryan Bates has a Railscast on doing a more generic callback controller: http://railscasts.com/episodes/236-omniauth-part-2

And I've had a write-up for a generic callback controller as well: http://blog.impaled.org/code/2011/2/devise-1-2-with-omniauth-on-rails.html

6 Comments

I already have a callback. Unfortunately by the time the callback controller is hit it's already gone to the page at google requesting access. I have to assume that either I can have a callback prior to this page or somehow monkeypatch devise to ignore going to that page if I have some cookie set.
Google's authorization page shouldn't re-appear once you've granted permission. It will redirect to Google, of course, but if you're logged in and have granted permission before, it should redirect to your callback controller directly. I've never experienced a problem like this. If you deploy the app somewhere I could have a look.
It's one of those private apps I can't deploy elsewhere. Do you happen to know if the devise code is inspecting a cookie or is it just google knowing that the currently logged in user is already "authorized" based on the URL it's coming from?
The only two other important notes for my implementation are: a) I currently don't have SSL turned on (maybe an issue?); and b) I'm adding additional scopes to my config above: config.omniauth :google, KEY, SECRET, {:scope => "google.com/calendar/feeds docs.google.com/feeds"}. I've been concerned about the http vs https issue.
ok - sorry for the influx of comments, but just having config.omniauth :google, "anonymous", "anonymous" as my config still has me re-authorizing the site. gem 'devise', '1.2.1' gem 'omniauth', '0.2.1'.
1

I upgraded to the latest omniauth/devise gems and used google_oauth2 gem (which is awesome!).

Because of this I was able to get past my issue because the creator of the gem added a param to prevent re-auth.

See here

0

Check: https://github.com/intridea/omniauth/pull/342

Google requires that we swap out for a long term auth token, but I'm not sure there is a clean way to do this with omniauth + devise.

0

With omniauth-google-oauth2 I found you have to set

:approval_prompt => ''

as an option on your line

provider :google_oauth2, ...

or it defaults to 'force' instead, which caused the same problem for me.

Deduced this from reading the part about approval_prompt on this page: https://github.com/plataformatec/devise/wiki/OmniAuth:-Overview

0

I had the issue where it would request the same permissions from the user each log in. I solved it by adding the access_type: "offline" and approval_prompt: "" to my devise.rb in the config folder as follows:

config.omniauth :google_oauth2, 'KEYHERE', 'SECRET_HERE', { access_type: "offline", approval_prompt: "", scope: 'userinfo.email,userinfo.profile' }

The scope above allows me to see basic info about the user and their email address.

Hope this helps.
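An added example, not part of any answer above and not code from Devise or omniauth-google-oauth2: a small Ruby check that inspects the authorization redirect URL your app sends to Google (copied from the browser or a proxy log) and reports whether it forces the consent screen. The helper name `audit_authorize_url`, the sample URLs and the `app.example` host are constructed for illustration; `approval_prompt`, `prompt` and `access_type` are Google's own authorization parameters.

```ruby
require 'uri'

# Parameter values that make Google show the consent screen again,
# even for a user who has already approved the application.
FORCING_VALUES = {
  'approval_prompt' => %w[force],  # legacy parameter discussed in the answers
  'prompt'          => %w[consent] # newer parameter; may hold several values
}.freeze

# Parse an authorization redirect URL and summarise what it asks Google to do.
def audit_authorize_url(url)
  params = URI.decode_www_form(URI.parse(url).query.to_s).to_h
  forced_by = FORCING_VALUES.select do |name, values|
    # An empty or absent parameter splits to [], so it never matches.
    params.fetch(name, '').split.any? { |v| values.include?(v) }
  end.keys
  {
    forces_consent: !forced_by.empty?,
    forced_by: forced_by,
    access_type: params.fetch('access_type', 'online'), # Google's default is online
    scopes: params.fetch('scope', '').split(/[\s,]+/)
  }
end

# Constructed sample URLs (placeholder client id and redirect host).
BASE = 'https://accounts.google.com/o/oauth2/auth?response_type=code' \
       '&client_id=CLIENT_ID_PLACEHOLDER' \
       '&redirect_uri=https%3A%2F%2Fapp.example%2Fusers%2Fauth%2Fgoogle_oauth2%2Fcallback' \
       '&scope=userinfo.email+userinfo.profile&access_type=offline'
FORCED_URL = "#{BASE}&approval_prompt=force"
QUIET_URL  = "#{BASE}&approval_prompt="

if __FILE__ == $PROGRAM_NAME
  { 'forced' => FORCED_URL, 'quiet' => QUIET_URL }.each do |label, url|
    puts "#{label}: #{audit_authorize_url(url)}"
  end
end
```

With `access_type=offline` and no forced consent, Google issues the refresh token only on the user's first approval, so the callback has to persist it at that point.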

0

You must enable the "Contacts API" and "Google+ API" via the Google API console
