
Can Devise + Omniauth have several types of login?

I've used Devise as a standard authentication gem for other projects. In another project, I've used Devise + Omniauth for Twitter authentication.

In a new project I need my end users to be able to log in via Twitter and Facebook or to be able to register via the app. In the future the user could link his accounts together. For example, his Twitter and Facebook account. Or, his Twitter and "native" account. "Native" being the account he registered with directly with the web app.

Is Devise capable of such? If so, how do we link the accounts of users together? What is the concept behind this? How does the app know which Facebook and Twitter account belong to which user?

Ideas and suggestions welcome.

EDIT:

I've been following http://railscasts.com/episodes/236-omniauth-part-2?autoplay=true and what I don't get is this. If

  1. user is signed out of app,
  2. user has an account registered with app,
  3. user signs in with a different service provider (facebook, twitter, etc).

How does the app know how to link his new service provider with his already existing accounts?

Stackoverflow.com has this feature. But one service provider they are not including in their "multi-sign" on feature is Twitter. I'm guessing it's because Twitter doesn't expose the user's email through their API, while the other service providers (Facebook, Yahoo, Gmail) do.

Christian Fazzini asked Aug 15 '11 14:08


People also ask

What is devise UID?

Devise supports OmniAuth integration by default. To do so, it uses two extra columns, provider and uid: provider holds the OAuth provider (facebook, google, linkedin, etc.) and uid holds the unique ID of the user who logged in using OAuth.


1 Answer

Email is generally used to link all the accounts, but with Twitter, you can't get the email account. Using the email is not really a good practice, because the user did not necessarily register to each service with the same email address.

Asking the user if he wants to use facebook/twitter/google/openid for authentication once he's logged in is the easiest way, and the most predictable for the user. You must prevent the effect "how does this website know my facebook account? Why are they tracking me?"

As a side note, the hardest part is not adding a new authentication method, but merging the accounts if the user, as an example, created one account with facebook, and one with twitter.

Géal answered Oct 18 '22 06:10
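
The linking rule described in the answer above, as an added example that is not part of the original answer: identities are keyed by (provider, uid), a new provider is attached only from a signed-in session, and a matching email from a signed-out login never attaches anything on its own. It is plain Ruby without the Devise or OmniAuth gems; `User`, `Identity`, `AccountStore` and `handle_callback` are hypothetical names, and the `auth` hash is a constructed stand-in for OmniAuth's auth hash (`provider`, `uid`, `info.email`).

```ruby
# Added example (not Devise/OmniAuth code); all class and method names are hypothetical.
User = Struct.new(:id, :email)
Identity = Struct.new(:provider, :uid, :user_id)

class AccountStore
  attr_reader :users, :identities

  def initialize
    @users = []
    @identities = []
  end

  # "Native" registration directly with the app.
  def register(email)
    user = User.new(@users.size + 1, email)
    @users << user
    user
  end

  # auth: { provider:, uid:, info: { email: } }; email may be absent (e.g. Twitter).
  # current_user: the signed-in user, or nil when signed out.
  def handle_callback(auth, current_user)
    identity = @identities.find { |i| i.provider == auth[:provider] && i.uid == auth[:uid] }

    if current_user
      # Linking happens only from an authenticated session, and never steals
      # an identity that already belongs to a different local account.
      return [:already_linked_elsewhere, current_user] if identity && identity.user_id != current_user.id
      @identities << Identity.new(auth[:provider], auth[:uid], current_user.id) unless identity
      return [:linked, current_user]
    end

    # Signed out, identity already known: ordinary sign-in.
    return [:signed_in, @users.find { |u| u.id == identity.user_id }] if identity

    # Signed out, unknown identity: a provider-supplied email is not proof of
    # ownership of the local account, so ask the user to sign in and link.
    email = auth.dig(:info, :email)
    return [:sign_in_to_link, nil] if email && @users.any? { |u| u.email == email }

    # No match at all: create a fresh account bound to this identity.
    user = register(email)
    @identities << Identity.new(auth[:provider], auth[:uid], user.id)
    [:created, user]
  end
end
```

The `:already_linked_elsewhere` result is the account-merge case the answer calls the hardest part; this sketch only detects it and leaves the merge decision to the application.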
