Is there any way to prevent users from accessing /auth/:provider
if, say, they are not logged in? I've tried to use before_request_phase
callback and Rack::Response
to redirect them to sign in page but it haven't worked.
My application is not using omniauth for user authentication. Instead, it is used to connect third-party accounts to the user profile.
Thanks!
OmniAuth.config.before_request_phase = lambda do |env|
user = env['warden'].authenticate!
end
Ok, the solution I found was to create a new OmniAuth Strategy which inherits from the one I wanted to use and to override the request_phase
method. Could not get the same behaviour using only OmniAuth configs in its initializer.
def request_phase
if env['rack.session']['warden.user.user.key'].present?
super
else
redirect '/'
end
end
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.