
I'm a writer, programmer, web developer, and entrepreneur. Preona is my current startup that began its life as the team developing Twitulater. Our goal is to create a set of applications for the emerging Synaptic Web, which would rank real-time information streams in near real time, all along reading its user behaviour and understanding how to intelligently react to it. Swizec is a DZone MVB and is not an employee of DZone and has posted 67 posts at DZone.

Force Users to Add a Facebook Login with Devise & Omniauth


You’ve set up Rails with Devise and OmniAuth. Users are signing up with Facebook or Twitter or email and password or something completely different. Everything is going great.

Now you want to force some users to add a Facebook login to their account. Maybe you just want to see if their name and avatar match what they’ve set up in your service to make sure they really are who they say they are. Whatever.

It seems like you might need to add a custom Devise strategy. You start googling. Doesn’t seem like a lot of work, you just extend Authorizable and override the authorize! function and then … do something. Seems you’ll have to mostly override how authorization works. Will that play well with omniauthable?

But that only solves the problem of forcing Facebook on authorization. Who’s going to check the conditions on every page load and sign the user out?

You set up a filter. Put it in application_controller and it’s just a big mess. You’re still not sure how to tie everything together and the clusterfuck of code is growing and growing.

Force FB with just 19 sloc

There’s a better way!

I stumbled on this solution almost by accident after ending up on an obscure API doc page on my gazillionth Google search. Turns out you can force a user to sign up with Facebook in just under 19 lines of code.

We have to extend how models behave, not create a new Devise strategy. The function we’re looking to override is active_for_authentication?.

This function is called on every page load when a user is signed in and checks that they’re still active. If it returns false the user will be signed out and asked to log in before continuing. They won’t be let through until the function returns true.


All you have to do is put something like this in your app/classes directory.

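module Facebookable
  extend ActiveSupport::Concern
  # True while the user is flagged and has no Facebook service linked.
  def needs_facebook?
    needs_facebook && services.where("provider = 'Facebook'").count < 1
  end
  # Flags the user when your condition holds. Returns truthy whenever it holds,
  # so make the condition stop holding once Facebook is linked.
  def should_flag?
    condition = false # placeholder: get a score somehow
    if condition
      self.needs_facebook = true # in memory only; save to persist the flag
    end
  end
  # Devise calls this on every request for a signed-in user.
  def active_for_authentication?
    super && !needs_facebook? && !should_flag?()
  end
  def inactive_message
    needs_facebook? ? "Please sign in with Facebook." : super
  end
end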

And that’s essentially it. Add a boolean needs_facebook field to your user model and add :facebookable to the strategies list and you’re done. Everything works.

Facebookable will automatically take care of checking whether a user has Facebook connected and kick them out if they don’t but should. On every page load it will also check whatever condition you’ve set and flag the user.

It took me four days to come up with those 19 lines of code because nobody’s written a blog post about how to do this properly. Now someone has.

PS: testing this works the same as testing any other model methods.
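A plain-Ruby check of the gate described above, added here as an example and not the author's code. StubDeviseUser stands in for the model methods Devise supplies, FacebookGate mirrors the Facebookable logic with the services association replaced by an array, and risk_score and THRESHOLD are made-up inputs for the flagging condition. It evaluates the condition before the Facebook check, so a flagged user who has linked Facebook is let back in.

```ruby
# Constructed stand-in for the model methods Devise supplies (assumption).
class StubDeviseUser
  attr_accessor :needs_facebook, :providers, :risk_score

  def initialize(risk_score: 0)
    @needs_facebook = false
    @providers = []           # stands in for the services association
    @risk_score = risk_score  # constructed input for the flagging condition
  end

  def active_for_authentication?; true; end
  def inactive_message; :inactive; end
end

# Mirrors the page's Facebookable logic; names here are hypothetical.
module FacebookGate
  THRESHOLD = 50 # hypothetical cut-off for this example

  def needs_facebook?
    needs_facebook && !providers.include?('Facebook')
  end

  def flag_if_suspicious
    self.needs_facebook = true if risk_score >= THRESHOLD
  end

  def active_for_authentication?
    flag_if_suspicious          # evaluate the condition first
    super && !needs_facebook?   # then gate only on the missing login
  end

  def inactive_message
    needs_facebook? ? 'Please sign in with Facebook.' : super
  end
end

class User < StubDeviseUser
  include FacebookGate
end

# Walk one user through the states the gate has to handle.
def gate_states
  user = User.new(risk_score: 10)
  states = [user.active_for_authentication?]        # below threshold
  user.risk_score = 80
  states.push(user.active_for_authentication?, user.inactive_message)
  user.providers << 'Facebook'
  states.push(user.active_for_authentication?, user.inactive_message)
end
```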

Published at DZone with permission of Swizec Teller, author and DZone MVB. (source)
