remember_me! not working with omniauth

[onsails]

I integrated devise with omniauth accorting ti the wiki page. openid, oauth authorization types works fine but remember_me does not work.

Here is a part of my User::Omniauth::CallbacksController:

  # ...

  def open_id
    if @user.blank? and valid_auth?
      @user = User.new
      @user.name  = @auth["user_info"]["name"]
      # @user.email = @auth["user_info"]["email"]
      @user.password  = Devise.friendly_token[0..20]
      @user.save(:validate => false)
      
      @profile = @user.social_profiles.build(@auth)
      @profile.save!
    end

    @user.remember_me = true
    @user.remember_me!
    sign_in(:user, @user)
    reload_parent_window
  end

  private
  
  def load_profile
    if @auth = env["omniauth.auth"]
      @profile = SocialProfile.where(:provider => @auth["provider"], :uid => @auth["uid"]).first
      @user = @profile.user if @profile
    end
  end
  
  def reload_parent_window
    render :text => <<-EOS
    <script type="text/javascript">
      if(window.opener) {
        window.opener.location.reload(true);
        window.close()
      }
    </script>
EOS

end
def valid_auth?

!(@auth.blank? or @auth["provider"].blank? or @auth["uid"].blank? or @auth["user_info"].blank?)

end

class User
  devise :database_authenticatable, :registerable, :omniauthable,
  :trackable, :validatable, # :openid_authenticatable, 
  :recoverable, :rememberable

[josevalim]

Hrm yeah, I can see why this is not working. Not quite an easy fix. Sorry, but you will have to hold on a bit without this feature. :(

[aindustries]

Cross posted from the Devise Google Group per Jose Valim's request:

I'm trying to invoke the rememberable hook on a user that I log in manually via the sign_in(user) method from the Devise helpers. However, when I do this, the rememberable hook doesn't seem to be called. Am I missing something?

To compensate I dug into the Devise source to call the rememberable methods directly. This is brittle and thus I hope there's a better solution.

Here's what I'm doing now and this works though it's not ideal.

user = a_valid_persisted_user #pseudo code
user.remember_me!
sign_in(user)
cookies.signed['remember_user_token'] =
User.serialize_into_cookie(user)

Note: devise :rememberable is in the User model

[josevalim]

Yes, exactly. It won't work until I fix it. The same fix for both cases!

[bugant]

Hi, I'm experiencing the same issue. Is there any workaround for this bug?

[kjf]

Just ran into this myself, struggling to find a workaround.

[josevalim]

Someone posted above that doing:

cookies.signed['remember_user_token'] =

User.serialize_into_cookie(user)

In your omniauth callback action should work. I have not tested personally.

[bugant]

The above solution set the cookie as a session one, so it will expire as soon as you close your browser.

You have to set the cookie expires to user.remember_expires_at.

[josevalim]

Fixed on Devise master. You just need to set user.remember_me = true and call sign_in. Devise will do all the rest for you.

[mecampbellsoup]

@josevalim @prettynatty Once we are remembering users this way using a cookie post-OAuth authentication, how would you suggest setting up routes to check for a local cookie first?

Right now, my users click "Login with Venmo" and I don't check for this cookie, so the user is always forced to provide Venmo credentials in the standard OAuth login dialogue box: http://cl.ly/image/1n2a060k1m3a