Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Devise + omniauth-facebook Add permissions

Tags:

facebook

ruby-on-rails

devise

omniauth

we are letting the users sign up with minimum permissions like this:

Devise.setup do |config|
  config.omniauth :facebook, ENV['FACEBOOK_KEY'], ENV['FACEBOOK_SECRET'],
              :scope => 'email,offline_access,user_about_me'
end

We do this to increase signup rate (the less permissions you ask for the higher the conversion).

But later when for example the user wants to fb share something we need the publish_stream permission.

Does anyone know how to elevate the fb permissions? to for example: 'email,offline_access,user_about_me,publish_stream'

I'm aware that the user has to go through the oauth dialog again..but how to do this?

thanks

like image 605
Matthias Avatar asked Oct 05 '12 07:10

Matthias

1 Answers

First you need to add setup: true to be able to upgrade the list of permissions of the service:

Devise.setup do |config|
  config.omniauth :facebook, ENV['FACEBOOK_KEY'], ENV['FACEBOOK_SECRET'],
                  :scope => 'email,offline_access,user_about_me',
                  :setup => true
end

Add two routes in routes.rb:

devise_scope :user do
  get '/users/auth/:provider/upgrade' => 'omniauth_callbacks#upgrade', as: :user_omniauth_upgrade
  get '/users/auth/:provider/setup', :to => 'omniauth_callbacks#setup'
end

The first route is where the user should be linked to by using user_omniauth_upgrade_path(:facebook). The second setup route is the callback which omniauth will call internally and we can use to change the scope parameter.

These go into omniauth_callbacks_controller.rb:

def upgrade
  scope = nil

  if params[:provider] == "facebook"
    scope = 'email,offline_access,user_about_me,publish_stream'
  end

  redirect_to user_omniauth_authorize_path(params[:provider]), flash: {scope: scope}
end

When you specify setup: true inside of the omniauth configuration setup_path is called by default. We will use this to change the scope from the default in the strategy. Add this to omniauth_callbacks_controller.rb:

def setup
  request.env['omniauth.strategy'].options['scope'] = flash[:scope] || request.env['omniauth.strategy'].options['scope']
  render :text => "Setup complete.", :status => 404
end

Finally, in your views you can add:

<%= link_to "Upgrade Access", user_omniauth_upgrade_path(:facebook) %>

Source: http://willschenk.com/setting-up-devise-with-twitter-and-facebook-and-other-omniauth-schemes-without-email-addresses/#passing-dynamic-scopes-to-omniauth

like image 91
evedovelli Avatar answered Oct 11 '22 00:10

evedovelli
Sign in to Comment

Related questions

Is 100 or less requests per second (for non-cached pages) what one can expect with Rails?
Rails sms_fu error
Create a new environment in Rails
Is it possible to do a fragment caching in a rabl view?
What is the best practice for updating rails seed data
User-defined themes in a rails app: how to store the assets
How to use Decimal with precision and scale?
Why is overriding ActiveRecord::Base.initialize wrong?
Rails: auto increment column with scope
delayed_job doesn't work (rails 3.1.3)
Rails 3 ActiveAdmin CanCan. How to setup that User should only see records that belong to him?
What's a proper way of writing request specs in RSpec?
Make Asset Pipeline work with Chrome DevTools Autosave
Ruby on Rails: should all my ActiveRecord callback methods be private?
How to set composite key in Rails application
Does Shopify Order API allows filtering by nested fields?
Rails Active Record select parent and child as one result
ActiveAdmin filter boolean as single checkbox
Sending email with attachments
Twitter Bootstrap Dropdown broken after assets precompile

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!