Support authenticate with facebook access token

Gemfile

@@ -14,13 +14,14 @@ gemspec
 # gem 'debugger'
 
 group :development, :test do
-  gem 'attr_encrypted'
-  gem 'figaro', git: 'https://github.com/laserlemon/figaro'
-  gem 'omniauth-facebook', git: 'https://github.com/mkdynamic/omniauth-facebook'
-  gem 'omniauth-github',        git: 'https://github.com/intridea/omniauth-github'
-  gem 'omniauth-google-oauth2', git: 'https://github.com/zquestz/omniauth-google-oauth2'
-  gem 'rack-cors', require: 'rack/cors'
   gem 'thor'
+  gem "figaro",                         :git => 'https://github.com/laserlemon/figaro'
+  gem 'omniauth-github',                :git => 'https://github.com/intridea/omniauth-github'
+  gem 'omniauth-facebook',              :git => 'https://github.com/mkdynamic/omniauth-facebook'
+  gem 'omniauth-google-oauth2',         :git => 'https://github.com/zquestz/omniauth-google-oauth2'
+  gem 'omniauth-facebook-access-token', :git => 'git://github.com/SoapSeller/omniauth-facebook-access-token'  
+  gem 'rack-cors',              :require => 'rack/cors'
+  gem 'attr_encrypted'
 
   # testing
   # gem 'spring'

Gemfile.lock

@@ -1,3 +1,11 @@
+GIT
+  remote: git://github.com/SoapSeller/omniauth-facebook-access-token
+  revision: 1125e764ef8d997b20a3bedf068cc1b135cb5700
+  specs:
+    omniauth-facebook-access-token (0.1.8)
+      oauth2 (~> 1.0.0)
+      omniauth (~> 1.2)
+
 GIT
   remote: https://github.com/intridea/omniauth-github
   revision: a893c2bc45d3c869ada960fddca97d6cba28082d
@@ -290,6 +298,7 @@ DEPENDENCIES
   mocha
   mysql2
   omniauth-facebook!
+  omniauth-facebook-access-token!
   omniauth-github!
   omniauth-google-oauth2!
   pg

app/controllers/devise_token_auth/omniauth_callbacks_controller.rb

@@ -207,6 +207,10 @@ def render_data_or_redirect(message, data, user_data = {})
 
         # build and redirect to destination url
         redirect_to DeviseTokenAuth::Url.generate(auth_origin_url, data.merge(blank: true))
+
+      elsif using_access_token_strategy?
+        render json: { success: true, data: user_data.merge(data).merge({message: message}) }
+
       else
 
         # there SHOULD always be an auth_origin_url, but if someone does something silly
@@ -217,6 +221,10 @@ def render_data_or_redirect(message, data, user_data = {})
       end
     end
 
+    def using_access_token_strategy?
+      request.env['omniauth.strategy'] && request.env['omniauth.strategy'].class.name.match('AccessToken')
+    end
+
     def fallback_render(text)
         render inline: %Q|
 

test/controllers/devise_token_auth/omniauth_callbacks_controller_test.rb

@@ -21,9 +21,186 @@ def get_parsed_data_json
     JSON.parse(URI.unescape(encoded_json_data))
   end
 
-  describe 'success callback' do
+  describe 'facebook_access_token success callback' do
     setup do
-      OmniAuth.config.mock_auth[:facebook] = OmniAuth::AuthHash.new(
+      OmniAuth.config.mock_auth[:facebook_access_token] = OmniAuth::AuthHash.new({
+        provider: 'facebook',
+        uid: '123545',
+        info: {
+          name: 'chong',
+          email: 'chongbong@aol.com'
+        }
+      })
+    end
+
+    before do
+      DeviseTokenAuth::OmniauthCallbacksController.any_instance.stubs(:using_access_token_strategy?).returns(true)      
+    end
+
+    after do
+      DeviseTokenAuth::OmniauthCallbacksController.any_instance.unstub(:using_access_token_strategy?)
+    end
+
+    test 'user should have been created' do
+      get_success
+      assert @resource
+    end
+
+    test 'user should be assigned info from provider' do
+      get_success
+      assert_equal 'chongbong@aol.com', @resource.email
+    end
+
+    test 'user should be assigned token' do
+      get_success
+      client_id = controller.auth_params[:client_id]
+      token = controller.auth_params[:auth_token]
+      expiry = controller.auth_params[:expiry]
+
+      # the expiry should have been set
+      assert_equal expiry, @resource.tokens[client_id][:expiry]
+      # the token sent down to the client should now be valid
+      assert @resource.valid_token?(token, client_id)
+    end
+
+    test 'response contains all expected data' do
+      get_success
+      assert_expected_data
+    end
+
+    test 'sign_in was called' do
+      User.any_instance.expects(:sign_in)
+      get_success
+    end
+
+    describe 'with default user model' do
+      before do
+        get_success
+      end
+      test 'request should determine the correct resource_class' do
+        assert_equal 'User', controller.send(:omniauth_params)['resource_class']
+      end
+
+      test 'user should be of the correct class' do
+        assert_equal User, @resource.class
+      end
+    end
+
+    describe 'with alternate user model' do
+      before do
+        get_via_redirect '/mangs/facebook_access_token', {
+          favorite_color: @fav_color,
+          name: @unpermitted_param
+        }
+        assert_equal 200, response.status
+        @resource = assigns(:resource)
+      end
+      test 'request should determine the correct resource_class' do
+        assert_equal 'Mang', controller.send(:omniauth_params)['resource_class']
+      end
+        test 'user should be of the correct class' do
+        assert_equal Mang, @resource.class
+      end
+    end
+
+    describe 'pass additional params' do
+      before do
+        @fav_color = 'alizarin crimson'
+        @unpermitted_param = "M. Bison"
+        get_via_redirect '/auth/facebook_access_token', {
+          favorite_color: @fav_color,
+          name: @unpermitted_param
+        }
+
+        @resource = assigns(:resource)
+      end
+
+      test 'status shows success' do
+        assert_equal 200, response.status
+      end
+
+      test 'additional attribute was passed' do
+        assert_equal @fav_color, @resource.favorite_color
+      end
+
+      test 'non-whitelisted attributes are ignored' do
+        refute_equal @unpermitted_param, @resource.name
+      end
+    end
+
+    describe "oauth registration attr" do
+      after do
+        User.any_instance.unstub(:new_record?)
+      end
+
+      describe 'with existing user' do
+        before do
+          User.any_instance.expects(:new_record?).returns(false).at_least_once
+        end
+
+        test 'response does not contain oauth_registration attr' do
+
+          get_via_redirect '/auth/facebook_access_token'
+
+          assert_equal false, controller.auth_params.key?(:oauth_registration)
+        end
+      end
+
+      describe 'with new user' do
+        before do
+          User.any_instance.expects(:new_record?).returns(true).at_least_once
+        end
+
+        test 'response contains oauth_registration attr' do
+
+          get_via_redirect '/auth/facebook_access_token'
+
+          assert_equal true, controller.auth_params[:oauth_registration]
+        end
+      end
+    end
+
+    describe 'using namespaces' do
+      before do
+        get_via_redirect '/api/v1/auth/facebook_access_token'
+
+        @resource = assigns(:resource)
+      end
+
+      test 'request is successful' do
+        assert_equal 200, response.status
+      end
+
+      test 'user should have been created' do
+        assert @resource
+      end
+
+      test 'user should be of the correct class' do
+        assert_equal User, @resource.class
+      end
+    end
+
+    def assert_expected_data
+      data_json = @response.body
+      data = ActiveSupport::JSON.decode(data_json)
+      expected_data = @resource.as_json.merge(controller.auth_params.as_json)
+      expected_data = {'success' => true, 'data' => ActiveSupport::JSON.decode(expected_data.to_json).merge("message" => "deliverCredentials")}
+      assert_equal(expected_data, data)
+    end
+
+    def get_success(params = {})
+      get_via_redirect '/auth/facebook_access_token', {
+        favorite_color: @fav_color,
+        name: @unpermitted_param
+      }.merge(params)
+      assert_equal 200, response.status
+      @resource = assigns(:resource)
+    end
+  end
+
+  describe 'facebook success callback' do
+    setup do
+      OmniAuth.config.mock_auth[:facebook] = OmniAuth::AuthHash.new({
         provider: 'facebook',
         uid: '123545',
         info: {

test/dummy/config/initializers/omniauth.rb

@@ -1,6 +1,7 @@
 Rails.application.config.middleware.use OmniAuth::Builder do |b|
   provider :github,        ENV['GITHUB_KEY'],   ENV['GITHUB_SECRET'],   scope: 'email,profile'
   provider :facebook,      ENV['FACEBOOK_KEY'], ENV['FACEBOOK_SECRET']
+  provider :facebook_access_token,      ENV['FACEBOOK_KEY'], ENV['FACEBOOK_SECRET']
   provider :google_oauth2, ENV['GOOGLE_KEY'],   ENV['GOOGLE_SECRET']
   provider :developer,
     :fields => [:first_name, :last_name],