Authentication

User registration, authentication, forgotten passwords, social logins with OAuth, and more.

Authentication with Devise

Jumpstart Pro uses Devise for user registration and authentication. This library is well tested and receives regular security updates allowing you to focus on your business.

If you would like to collect other information on registration, you can add the fields to the devise views in app/views/devise and permit the additional params in application_controller.rb.

Social Login / OAuth with Omniauth Providers

Devise is preconfigured to connect with Omniauth providers so users can register or sign in with their social accounts.

We automatically handle the various situations that can arise with social auth:

  • Registering a new user with an OAuth account
  • Connecting an OAuth account to an existing user who is logged in
  • Signing into an existing user via their previously connected social account
  • Rejecting login to an existing user who hasn't connected the social account before

You're free to override any of this functionality by adding your own methods to the OmniauthCallbacksController like you normally would.

Working with Connected Account OAuth Data And Tokens

The User model has_many :connected_accounts which you can use to access the data collected from the accounts such as credentials and user information.

We automatically generate a scope for each provider, so you can filter out connected accounts easily: @user.connected_accounts.twitter.first

If you would like to do something after connecting an OAuth account, you can add a method to the OmniauthCallbacksController for the provider and it will be called after the account is connected.

ConnectedAccount has a method named token that will always return an active API token. It will seamlessly renew expired tokens for you so your code never has to deal with services who provide you expiring tokens.

ConnectedAccount records also store the entire auth hash from Omniauth so you can easily debug integrations and access any of that data later on as necessary.