Correcting invitable synchronization with omniauthable?

[daidekman]

Thanks for creating such a great tool with invitable.

I have been using Devise with omniauth (primarily for Facebook login) and now I am seeking to implement invitations, yet not lose the omniauth login functionality. My goal is to allow a user to accept an invitation, then have the option to register/login using omniauth or the password confirmation fields that already exist.

I know to edit "/views/devise/invitations/edit.html.erb" so that there is a link to the omniauth_authorize_path. However, how would this authorization retain the checks on the invitation token? With omniauth we would still need to ensure a valid invitation_token and record the invited_by.

Many thanks for your help!
-Dave

[travisp]

I was wondering this same thing. No, simply providing a link is not enough. The invitation token will be lost.

There's no good way to pass parameters via omniauth and have them come back, so the best approach is probably to save the invitation token in the session before you send them off to Facebook, and then look for this token in the session in the omniauth callback.

[daidekman]

Thanks, @travisp -- that sounds smart. Were you able to get it to work? I'm a bit new to this, so if you have any example code that made this happen for you, I would be most grateful to see it and learn from you.

Many thanks!
-Dave

[travisp]

I did get it to work. I've provided some actual and some modified code. Hope this helps you and others:

https://gist.github.com/2007222

Most of the custom code is in the omniauth callbacks controller (and the exact approach will depend on your implementation of the callbacks controller), but it does require modifying the Devise::InvitationsController as well.

Two small edits to Invitations controller:
InvitationsController/edit -- set invitation_token in the session
InvitationsController/update -- remove the session invitation token if they accept the invitation by filling in the standard sign up form

OmniauthCallbacksController:
If this is a callback for an omniauth identity that's not in our database, and an invitation token exists in the session, then find the User matching that invitation token. Apply the omniauth information to the user model (in this case, basically store the omniauth identity). If the user model is valid and the user was an invited user, call accept_invitation! to save the model and clear the invitation token from the database (this is crucial). Finally, clear the session invitation token.

You can make this invite required either by modifying the callbacks controller to deal with when a user is not found with the invitation token, or by adding a validation to the model.

[daidekman]

Thanks so much, Travis. It seems to be working! I'll need to do some more tests, but this was extremely helpful. Thank you very much for sharing.

[scambra]

Could changes in invitations controller be added as after_filter?

Also, could you add this to the wiki?

[travisp]

@scambra yes, they probably could. I'll try to get around to putting it on the wiki.

[matzke]

+1 thanks for this answer!

[nunosilva800]

This is quite old already, but just FYI, you can add params to omniauth stages:

A link generated with:

<%= link_to "Sign in with Google", user_google_oauth2_omniauth_authorize_url(invitation_token: params[:invitation_token] ) %>

Will give you access to the invitation_token in request.env['omniauth.params'] on the callback action.