fractaledmind/omniauth_controller.rb

## omniauth_controller.rb
class Sessions::OmniauthController < ApplicationController
  skip_before_action :verify_authenticity_token
  skip_before_action :authenticate!

  # GET|POST /auth/:provider
  def passthru
    render status: 404, plain: "Not found. Authentication passthru."
  end

  # GET|POST /auth/:provider/callback
  def create
    # https://github.com/omniauth/omniauth/wiki/Saving-User-Location
    origin_path = root_path
    notice = "Signed in successfully via #{OmniAuth::Providers[auth.provider.to_sym]}"

    if connected_account.present?
      connected_account.update(connected_account_params)
      ensure_tester_record_if_tester_role_for(connected_account.user)
      sign_in_user(connected_account.user)
      redirect_to origin_path, notice: notice

    elsif Current.user.present?
      connected_account = Current.user.connected_accounts.create(connected_account_params)
      ensure_tester_record_if_tester_role_for(Current.user)
      redirect_to origin_path, notice: notice

    elsif (auth_user = User.find_by(email: auth.info.email.downcase)).present?
      # since we control the Users table,
      # allow the account to be connected to the existing user
      # and then sign in the user
      connected_account = auth_user.connected_accounts.create(connected_account_params)
      ensure_tester_record_if_tester_role_for(auth_user)
      sign_in_user(auth_user)
      redirect_to origin_path, notice: notice

    else
      email = auth.info.email.downcase
      username = auth.info.screen_name || email.split("@").first
      user = User.new(
        username: username,
        email: email,
        password: username.bytes.take(3).join
      )
      user.connected_accounts.new(connected_account_params)

      if user.save
        ensure_tester_record_if_tester_role_for(user)
        sign_in_user(user)
        redirect_to origin_path, notice: notice
      else
        redirect_to sign_in_path, alert: "Authentication failed"
      end
    end
  end

  def failure
    redirect_to sign_in_path, alert: params[:message]
  end

  private

    def ensure_tester_record_if_tester_role_for(user)
      testio_uid = auth.info.roles.dig("tester", "id")

      if (tester = Tester.find_by(testio_uid: testio_uid))
        tester.update_column(:user_id, user.id) unless tester.user_id?
      elsif auth.info.roles&.dig("tester").present?
        Tester.insert(
          { email: auth.info.email.downcase,
            phone_number: "+0000000000",
            testio_uid: testio_uid,
            first_name: auth.info.first_name,
            last_name: auth.info.last_name,
            birthdate: Date.new(rand(1970..2000), rand(1..12), rand(1..28)),
            user_id: user.id,
          },
          unique_by: :email
        )
      end
    end

    def connected_account_params
      # Clean auth hash credentials
      auth_hash = auth.to_hash
      auth_hash.delete("credentials")
      auth_hash["extra"]&.delete("access_token")
      expires_at = auth.credentials.expires_at.present? ?
        Time.at(auth.credentials.expires_at) :
        nil

      {
        provider: auth.provider,
        uid: auth.uid,
        email: auth.info.email.downcase,
        access_token: auth.credentials.token,
        access_token_secret: auth.credentials.secret,
        expires_at: expires_at,
        refresh_token: auth.credentials.refresh_token,
        auth: auth_hash
      }
    end

    def connected_account
      @connected_account ||= User::ConnectedAccount.for_auth(auth)
    end

    def auth
      @auth ||= request.env["omniauth.auth"]
    end
end

## omniauth_initializer.rb
OmniAuth::Providers = {}

Rails.application.config.middleware.use OmniAuth::Builder do
  unless Rails.env.production?
    provider :developer
    OmniAuth::Providers[:developer] = "Developer"
  end
  provider OmniAuth::Strategies::TestIO,
    Rails.application.credentials.omniauth.testio.public_key, # app_id
    Rails.application.credentials.omniauth.testio.private_key, # app_secret
    scope: if Rails.env.production?
      "public"
    else
      "public user_api:admin custom_task_api:admin"
    end
  OmniAuth::Providers[:testio] = "Test IO"
end

## routes.rb
# OmniAuth routes
get '/auth/failure',
  to: 'sessions/omniauth#failure'
match 'auth/:provider',
  to: 'sessions/omniauth#passthru',
  as: 'omniauth_authorize',
  via: [:get, :post]
match 'auth/:provider/callback',
  to: 'sessions/omniauth#create',
  as: 'omniauth_callback',
  via: [:get, :post]

## sessions_new.html.erb
<div class="text-center mt-12">
  <h1 class="text-4xl font-bold leading-7 sm:text-5xl">
    Log in
  </h1>
  <p class="text-gray-800 text-lg mt-4 mb-12">
    You'll be taken to a 3rd party provider to authenticate.
  </p>
  <div class="flex flex-col items-center gap-3">
    <% ::OmniAuth::Providers.each do |provider, label| %>
      <%= button_to omniauth_authorize_path(provider: provider, origin: session['origin']), data: { turbo: false }, class: button_classes(type: :primary) do %>
        <span>Sign in with <%= label %></span>
      <% end %>
    <% end %>
  </div>
</div>
	class Sessions::OmniauthController < ApplicationController
	skip_before_action :verify_authenticity_token
	skip_before_action :authenticate!

	# GET\|POST /auth/:provider
	def passthru
	render status: 404, plain: "Not found. Authentication passthru."
	end

	# GET\|POST /auth/:provider/callback
	def create
	# https://github.com/omniauth/omniauth/wiki/Saving-User-Location
	origin_path = root_path
	notice = "Signed in successfully via #{OmniAuth::Providers[auth.provider.to_sym]}"

	if connected_account.present?
	connected_account.update(connected_account_params)
	ensure_tester_record_if_tester_role_for(connected_account.user)
	sign_in_user(connected_account.user)
	redirect_to origin_path, notice: notice

	elsif Current.user.present?
	connected_account = Current.user.connected_accounts.create(connected_account_params)
	ensure_tester_record_if_tester_role_for(Current.user)
	redirect_to origin_path, notice: notice

	elsif (auth_user = User.find_by(email: auth.info.email.downcase)).present?
	# since we control the Users table,
	# allow the account to be connected to the existing user
	# and then sign in the user
	connected_account = auth_user.connected_accounts.create(connected_account_params)
	ensure_tester_record_if_tester_role_for(auth_user)
	sign_in_user(auth_user)
	redirect_to origin_path, notice: notice

	else
	email = auth.info.email.downcase
	username = auth.info.screen_name \|\| email.split("@").first
	user = User.new(
	username: username,
	email: email,
	password: username.bytes.take(3).join
	)
	user.connected_accounts.new(connected_account_params)

	if user.save
	ensure_tester_record_if_tester_role_for(user)
	sign_in_user(user)
	redirect_to origin_path, notice: notice
	else
	redirect_to sign_in_path, alert: "Authentication failed"
	end
	end
	end

	def failure
	redirect_to sign_in_path, alert: params[:message]
	end

	private

	def ensure_tester_record_if_tester_role_for(user)
	testio_uid = auth.info.roles.dig("tester", "id")

	if (tester = Tester.find_by(testio_uid: testio_uid))
	tester.update_column(:user_id, user.id) unless tester.user_id?
	elsif auth.info.roles&.dig("tester").present?
	Tester.insert(
	{ email: auth.info.email.downcase,
	phone_number: "+0000000000",
	testio_uid: testio_uid,
	first_name: auth.info.first_name,
	last_name: auth.info.last_name,
	birthdate: Date.new(rand(1970..2000), rand(1..12), rand(1..28)),
	user_id: user.id,
	},
	unique_by: :email
	)
	end
	end

	def connected_account_params
	# Clean auth hash credentials
	auth_hash = auth.to_hash
	auth_hash.delete("credentials")
	auth_hash["extra"]&.delete("access_token")
	expires_at = auth.credentials.expires_at.present? ?
	Time.at(auth.credentials.expires_at) :
	nil

	{
	provider: auth.provider,
	uid: auth.uid,
	email: auth.info.email.downcase,
	access_token: auth.credentials.token,
	access_token_secret: auth.credentials.secret,
	expires_at: expires_at,
	refresh_token: auth.credentials.refresh_token,
	auth: auth_hash
	}
	end

	def connected_account
	@connected_account \|\|= User::ConnectedAccount.for_auth(auth)
	end

	def auth
	@auth \|\|= request.env["omniauth.auth"]
	end
	end
	OmniAuth::Providers = {}

	Rails.application.config.middleware.use OmniAuth::Builder do
	unless Rails.env.production?
	provider :developer
	OmniAuth::Providers[:developer] = "Developer"
	end
	provider OmniAuth::Strategies::TestIO,
	Rails.application.credentials.omniauth.testio.public_key, # app_id
	Rails.application.credentials.omniauth.testio.private_key, # app_secret
	scope: if Rails.env.production?
	"public"
	else
	"public user_api:admin custom_task_api:admin"
	end
	OmniAuth::Providers[:testio] = "Test IO"
	end
	# OmniAuth routes
	get '/auth/failure',
	to: 'sessions/omniauth#failure'
	match 'auth/:provider',
	to: 'sessions/omniauth#passthru',
	as: 'omniauth_authorize',
	via: [:get, :post]
	match 'auth/:provider/callback',
	to: 'sessions/omniauth#create',
	as: 'omniauth_callback',
	via: [:get, :post]
	<div class="text-center mt-12">
	<h1 class="text-4xl font-bold leading-7 sm:text-5xl">
	Log in
	</h1>
	<p class="text-gray-800 text-lg mt-4 mb-12">
	You'll be taken to a 3rd party provider to authenticate.
	</p>
	<div class="flex flex-col items-center gap-3">
	<% ::OmniAuth::Providers.each do \|provider, label\| %>
	<%= button_to omniauth_authorize_path(provider: provider, origin: session['origin']), data: { turbo: false }, class: button_classes(type: :primary) do %>
	<span>Sign in with <%= label %></span>
	<% end %>
	<% end %>
	</div>
	</div>