Omniauthable, sign out action and rememberable
Clone this wiki locally
By default, Devise doesn't add a
sign_out route when using Omniauthable. As your user have logged in through a third-party provider, it will not be able to log out unless you add the following code and adds a link to the sign out action.
devise_scope :user do get 'sign_out', :to => 'devise/sessions#destroy', :as => :destroy_user_session end
However, as we're only using session, closing the browser will be enough to sign out.
You may also notice that rememberable doesn't work because we don't send the rememberable check_in on login. To enforce rememberable usage, you can add this function call to your omniauth callback controller (when
@user is the resource):
You should include module
Devise::Controllers::Rememberable on your controller to use it and ensure a password is always set or have a
remember_token column in your model or implement your own
rememberable_value in the model with custom logic.
This way, the logged in status will persist between sessions. We don't recommend doing this if you don't have a
sign_out action (because people will not be able to log out, even if they close the browser).