Google oauth via devise and omniauth/oauth continually requesting access

Question

I can use devise with omniauth (oauth NOT openid) and a devise.rb config like this:

config.omniauth :google, KEY, SECRET

and it correctly does the redirection to google to ask permission (and returns)...

but unfortunately it always does that. It should (I believe) know that I just authorized permissions to use google and should skip that redirection to google after the first time. Any suggestions on how to get this working?

The permissioning I'm talking about is: "The site blah.com is requesting access to your Google Account for the product(s) listed below". I don't want this page to always reappear.

Answer 1

You need to implement callbacks yourself - neither Devise nor Omniauth provide these for you by default. It will take care of sending the user to your OAuth endpoint and make sure he returns, but it will not consume the information that was sent and/or log the user in.

It's up to you to do these things.

Devise has a wiki page on creating a simple callback controller: https://github.com/plataformatec/devise/wiki/OmniAuth:-Overview

Ryan Bates has a Railscast on doing a more generic callback controller: http://railscasts.com/episodes/236-omniauth-part-2

And I've had a write-up for a generic callback controller as well: http://blog.impaled.org/code/2011/2/devise-1-2-with-omniauth-on-rails.html

Answer 2

I upgraded to the latest omniauth/devise gems and used google_oauth2 gem (which is awesome!).

Because of this I was able to get past my issue because the creator of the gem added a parm to prevent re-auth.

See here