
Google oauth via devise and omniauth/oauth continually requesting access

I can use devise with omniauth (oauth NOT openid) and a devise.rb config like this:

config.omniauth :google, KEY, SECRET

and it correctly does the redirection to google to ask permission (and returns)...

but unfortunately it always does that. It should (I believe) know that I just authorized permissions to use google and should skip that redirection to google after the first time. Any suggestions on how to get this working?

The permissioning I'm talking about is: "The site blah.com is requesting access to your Google Account for the product(s) listed below". I don't want this page to always reappear.

You need to implement callbacks yourself - neither Devise nor Omniauth provide these for you by default. It will take care of sending the user to your OAuth endpoint and make sure he returns, but it will not consume the information that was sent and/or log the user in.

It's up to you to do these things.

Devise has a wiki page on creating a simple callback controller: https://github.com/plataformatec/devise/wiki/OmniAuth:-Overview

Ryan Bates has a Railscast on doing a more generic callback controller: http://railscasts.com/episodes/236-omniauth-part-2

And I've had a write-up for a generic callback controller as well: http://blog.impaled.org/code/2011/2/devise-1-2-with-omniauth-on-rails.html

I upgraded to the latest omniauth/devise gems and used google_oauth2 gem (which is awesome).

Because of this I was able to get past my issue because the creator of the gem added a param to prevent re-auth.

See here

With omniauth-google-oauth2 I found you have to set

:approval_prompt => ''

as an option on your line

provider :google_oauth2, ...

or it defaults to 'force' instead, which caused the same problem for me.

Deduced this from reading the part about approval_prompt on this page: https://github.com/plataformatec/devise/wiki/OmniAuth:-Overview

I had the issue where it would request the same permissions from the user each log in. I solved it by adding the access_type: "offline" and approval_prompt: "" to my devise.rb in the config folder as follows:

config.omniauth :google_oauth2, 'KEYHERE', 'SECRET_HERE', { access_type: "offline", approval_prompt: "", scope: 'userinfo.email,userinfo.profile' }

The scope above allows me to see basic info about the user and their email address.

Hope this helps.

You must enable the "Contacts API" and "Google+ API" via the Google API console.

Check: https://github.com/intridea/omniauth/pull/342

Google requires that we swap out for a long term auth token, but I'm not sure there is a clean way to do this with omniauth + devise.
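
A plain-Ruby sketch of what a callback has to do with the data OmniAuth hands back, added here as an example and not taken from any of the answers or from Devise/OmniAuth. It assumes an in-memory USERS hash in place of a users table and a constructed auth hash; handle_callback and sample_auth are hypothetical names. It keeps an already stored refresh token when a later login returns none, which is the case once the consent page is no longer forced.

```ruby
# Added example: plain Ruby, no Rails or Devise.
# USERS is an assumed stand-in for a users table, keyed by [provider, uid].
USERS = {}

# Constructed sample of the hash OmniAuth exposes as request.env['omniauth.auth'].
def sample_auth(refresh_token: nil)
  {
    'provider' => 'google_oauth2',
    'uid' => '1234567890',                       # constructed value
    'info' => { 'email' => 'user@example.com' }, # constructed value
    'credentials' => { 'token' => 'access-token-placeholder',
                       'refresh_token' => refresh_token,
                       'expires_at' => 1_700_000_000 }
  }
end

# What a callback action has to do with the auth hash: find or create the
# local user, then store the tokens. Returns the user record.
def handle_callback(auth)
  provider = auth['provider']
  uid = auth['uid']
  if provider.to_s.empty? || uid.to_s.empty?
    raise ArgumentError, 'auth hash has no provider/uid'
  end

  # Key on provider + uid (the stable identifier), not on the email address.
  user = (USERS[[provider, uid]] ||= { provider: provider, uid: uid })
  user[:email] = auth.dig('info', 'email')

  creds = auth['credentials'] || {}
  user[:access_token] = creds['token']
  user[:expires_at] = creds['expires_at']
  # Google sends a refresh token only when consent is actually granted.
  # Later logins that skip the consent page carry none, so never overwrite
  # the stored token with nil.
  user[:refresh_token] = creds['refresh_token'] if creds['refresh_token']
  user
end

# First login (consent granted, access_type "offline"): refresh token present.
handle_callback(sample_auth(refresh_token: 'refresh-token-placeholder'))
# Returning user, consent page skipped: no refresh token in the response.
again = handle_callback(sample_auth)
puts "users: #{USERS.size}, refresh token kept: #{!again[:refresh_token].nil?}"
```

In a Devise callback controller the same logic would sit in the provider action and end with signing the user in; the refresh token is a long-lived credential and belongs in encrypted storage.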
