I am interested in doing this as well. My setup is the same.
On ‘sign up with facebook’, do you create a devise user and password in the rails api? What would the password be? Or can devise be set to handle the two scenarios?
I was thinking storing the oauth token as the password, but not sure if that is secure or makes sense.
Currently I have api calls for setting up a devise user or logging in with a devise email and password, and the token for subsequent calls by that user.
What would be the api endpoints that I need to create to allow both facebook signup and traditional signup?
For traditional sign up I use the json route set up by Devise.
For facebook sign up, I added my own json route which:
1/ takes the Facebook access token as a parameter
2/ checks that it is valid by fetching user info from Facebook like this:
# requires the oauth2 gem (require 'oauth2' outside of Bundler)
client = OAuth2::Client.new(
  ENV['FACEBOOK_APP_ID'],
  ENV['FACEBOOK_APP_SECRET'],
  site: 'https://graph.facebook.com')
# wrap the access token sent by the client and fetch the user's profile with it
token = OAuth2::AccessToken.new(client, params[:access_token])
user_info = ActiveSupport::JSON.decode(token.get('/me').body)
(the user info is used to create the entry in the DB)
3/ signs in using the Devise method: sign_in @user, :event => :authentication # this will throw if @user is not activated
The access token is then stored in the session for later use.
Cheers,
Nico
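
An added example, not part of Nico's post or of Devise: a successful `/me` call shows the token is live, but not that it was issued to your own app, so an API that accepts tokens from clients would normally also inspect the token through Graph API's `/debug_token` endpoint (called with an app access token) before step 3. The helper name `facebook_token_check`, the sample app id and the JSON payloads are constructed for illustration, and treating `expires_at` of 0 as "never expires" is an assumption about that endpoint's response.

```ruby
require 'json'

APP_ID = '111111' # constructed placeholder for ENV['FACEBOOK_APP_ID']

# Hypothetical helper. Inputs are response bodies the controller already fetched:
#   debug_json - GET /debug_token?input_token=<token sent by the client>
#   me_json    - GET /me fetched with that same token (step 2 in the post)
# Returns [true, facebook_user_id] or [false, reason].
def facebook_token_check(debug_json, me_json, expected_app_id, now = Time.now)
  debug = JSON.parse(debug_json)
  me = JSON.parse(me_json)
  data = debug.is_a?(Hash) ? debug['data'] : nil
  return [false, :malformed] unless data.is_a?(Hash) && me.is_a?(Hash)
  return [false, :invalid] unless data['is_valid'] == true
  # A token issued to a different app still answers /me, so compare app ids.
  return [false, :wrong_app] unless data['app_id'].to_s == expected_app_id.to_s
  expires = data['expires_at'].to_i
  return [false, :expired] if expires != 0 && expires <= now.to_i
  # The profile used to create the DB entry must belong to the token's user.
  uid = me['id'].to_s
  return [false, :user_mismatch] if uid.empty? || data['user_id'].to_s != uid
  [true, uid]
rescue JSON::ParserError
  [false, :malformed]
end

# Constructed sample payloads (not captured from Facebook).
def sample_debug(overrides = {})
  JSON.generate('data' => { 'app_id' => APP_ID, 'is_valid' => true,
                            'user_id' => '42', 'expires_at' => 0 }.merge(overrides))
end
SAMPLE_ME = JSON.generate('id' => '42', 'name' => 'Constructed User')

if __FILE__ == $PROGRAM_NAME
  p facebook_token_check(sample_debug, SAMPLE_ME, APP_ID)
  p facebook_token_check(sample_debug('app_id' => '999999'), SAMPLE_ME, APP_ID)
end
```

Only when the check returns `true` would the route go on to find or create the user and call `sign_in`.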