Rails Authentication with Access_token from Facebook

Question

I am currently building an iPhone app with rails backend. I am using solely facebook 's Single Sign On (SSO) on the iphone and authentication works great on the client end pretty well. I am using devise on rails as the backend.

NOTE i have consulted Design for Facebook authentication in an iOS app that also accesses a secured web service already

I see that devise has something called token_authenticable which is essentially the "ticket" described in step 5 of that thread. This is the current flow I see

1. user sign on to facebook SSO on the phone
2. user makes a call to myserver.com/sessions/fb_sso with { access_token: X }
3. On the server end (at SessionsController#fb_sso, I will make an API call to facebook with the access_token
4. If access_token is valid, check if user exists in db. If user does not exist, create a new user
5. Now we can return { user_id: X, devise_auth_token: Y } back to the call on 1)

This is pretty straight forward. However, I have a couple of questions:

1. With the devise_auth_token, does that mean I no longer have to call sign_in("user", resource) from devise? (found here http://jessewolgamott.com/blog/2012/01/19/the-one-with-a-json-api-login-using-devise/)
2. Where will be the best place to put the code for 3-4?
3. I can't seem to find much on Google about this topic. Why are there so few tutorials out there for a process so common? Am I missing something blatantly obvious?

Answer 1

Why can't you use omniauth-facebook gem. Its a very simple solution to get the access token for if you use devise its potentiality will double. Make sure that you need to get different access token at different login time.

You can go through this link https://github.com/pramodv-nyros/social-login-in-rails