-
Notifications
You must be signed in to change notification settings - Fork 5.5k
Omniauthable, sign out action and rememberable
By default, Devise doesn't add a sign_out
route when using Omniauthable. As your user have logged in through a third-party provider, it will not be able to log out unless you add the following code and adds a link to the sign out action.
devise_scope :user do
delete "/users/sign_out" => "devise/sessions#destroy"
end
However, as we're only using session, closing the browser will be enough to sign out.
You may also notice that rememberable doesn't work because we don't send the rememberable check_in on login. To enforce rememberable usage, you can add this function call to your omniauth callback controller (when @user
is the resource):
remember_me(@user)
You should include module Devise::Controllers::Rememberable
on your controller to use it and ensure a password is always set or have a remember_token
column in your model or implement your own rememberable_value
in the model with custom logic.
This way, the logged in status will persist between sessions. We don't recommend doing this if you don't have a sign_out
action (because people will not be able to log out, even if they close the browser).