How I Patched Devise to Force Login for Twitter and Facebook

Here are some of the things I had to do to Devise to get it working correctly with Twitter and Facebook. YMMV: this was six months ago, and I may have had some special requirements.

# config/initializers/omniauth_patch.rb
# see http://stackoverflow.com/questions/1960957
module OmniAuth
  module Strategies
    # override authorize path to force user to login each time
    class Twitter < OmniAuth::Strategies::OAuth
      def initialize(app, consumer_key = nil, consumer_secret = nil, options = {}, &block)
        client_options = {
          :site => 'https://api.twitter.com'
        }

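        # /oauth/authorize shows Twitter's authorization screen on every visit;
        # /oauth/authenticate passes an already-authorized user straight through
        client_options[:authorize_path] = '/oauth/authorize'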
        super(app, :twitter, consumer_key, consumer_secret, client_options, options)
      end
    end
  end
end

# config/environments.rb
config.omniauth :twitter, 'XXXXXXXXXXXXX', 'XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX'

# Created multiple Facebook apps for testing because you can only have
# one per domain. One way to lessen these would be to set up staging.myapp.com, etc.
# since Facebook respects subdomains as being on the same domain. Would still need one for
# localhost testing though (unless I set up hosts file differently?)
# This seems simplest for now though.
id, secret = case ENV['RACK_ENV']
when 'production'
  ['XXXXXXXXXXXXXXX', 'XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX']
when 'staging'
  ['XXXXXXXXXXXXXXX', 'XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX']
else
  ['XXXXXXXXXXXXXXX', 'XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX'] # localhost
end
config.omniauth :facebook, id, secret, { :display => :touch }

The last line ensures that we use the Facebook touch view, because I was only targeting mobile devices (iPhone). I’m not sure how we would easily do this at runtime besides further patching. Basically this limits us, because we have to use the touch view even where we would want the web version on the web.

When signing out, I want to ensure that I sign out of all of the services that I might be signed into. I do a bit of a hack in the sign out view with:

Not you? #{link_to 'Sign out', "http://m.facebook.com/logout.php?confirm=1&next=#{destroy_user_session_url}"}

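Basically, we ask Facebook to sign us out first, and its redirect to the next URL then takes us into the normal sign-out. That redirect arrives as a GET request, so the sign-out route has to accept GET.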
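The chained sign-out link interpolates the return URL into the query string unencoded, so any `&` in that URL is read as a separate parameter. The following is an added example, not code from the original post: it builds the same link with the return URL encoded and restricted to the application's own host. The helper names, the `own_host` argument and the `myapp.example` URLs are assumptions made for illustration.

```ruby
require 'uri'

FACEBOOK_LOGOUT = 'http://m.facebook.com/logout.php' # endpoint used in the post

# Constructed sample values (not from the post).
SIGN_OUT = 'https://myapp.example/users/sign_out?locale=en&from=mobile'
OFFSITE  = 'https://other.example/users/sign_out'

# The post's approach: raw string interpolation of the return URL.
def naive_logout_url(return_to)
  "#{FACEBOOK_LOGOUT}?confirm=1&next=#{return_to}"
end

# Encoded variant: the return URL travels as one opaque parameter value and
# is only accepted when it is an http(s) URL on our own host (hypothetical check).
def chained_logout_url(return_to, own_host:)
  target = URI.parse(return_to)
  unless %w[http https].include?(target.scheme) && target.host == own_host
    raise ArgumentError, "refusing to chain logout to #{return_to.inspect}"
  end
  query = URI.encode_www_form([['confirm', 1], ['next', return_to]])
  "#{FACEBOOK_LOGOUT}?#{query}"
end

# The value a form-decoding receiver would see for the `next` parameter.
def next_param(url)
  URI.decode_www_form(URI.parse(url).query).to_h['next']
end

if __FILE__ == $PROGRAM_NAME
  puts next_param(naive_logout_url(SIGN_OUT))
  puts next_param(chained_logout_url(SIGN_OUT, own_host: 'myapp.example'))
  begin
    chained_logout_url(OFFSITE, own_host: 'myapp.example')
  rescue ArgumentError => e
    puts e.message
  end
end
```

With the raw interpolation the receiver sees a `next` value cut off at the first `&`; the encoded link round-trips the full sign-out URL.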
