Omniauthable, sign out action and rememberable

Leonardo edited this page Dec 8, 2013 · 5 revisions
Clone this wiki locally

By default, Devise doesn't add a sign_out route when using Omniauthable. As your user have logged in through a third-party provider, it will not be able to log out unless you add the following code and adds a link to the sign out action.

devise_scope :user do
   get 'sign_out', :to => 'devise/sessions#destroy', :as => :destroy_user_session
end

However, as we're only using session, closing the browser will be enough to sign out.

You may also notice that rememberable doesn't work because we don't send the rememberable check_in on login. To enforce rememberable usage, you can add this function call to your omniauth callback controller (when @user is the resource):

remember_me(@user)

You should include module Devise::Controllers::Rememberable on your controller to use it and ensure a password is always set or have a remember_token column in your model or implement your own rememberable_value in the model with custom logic.

This way, the logged in status will persist between sessions. We don't recommend doing this if you don't have a sign_out action (because people will not be able to log out, even if they close the browser).