simi / omniauth-facebook

Facebook OAuth2 Strategy for OmniAuth
https://simi.github.io/omniauth-facebook/

Separating Sign up and Sign in #376

Closed deniciocode closed 2 years ago

deniciocode commented 2 years ago

Hello,

I have a question regarding the usage of omniauth and especially omniauth-facebook. We want to offer social login on our platform. If a new user wants to sign up, everything is clear. A new user will be created on the callback. Done. How do I handle a user who tries to sign in, but never signed up with Facebook before? With this step I would like to protect an existing user (email/password) who tries to log in with Facebook, which will result in the creation of a new user if we have different emails.

swiknaba commented 2 years ago

I think this is best asked on Stack Overflow since that is an engineering challenge to be solved in your codebase. It is not really related to this gem.

You'll have the same problem with any OAuth login flow.

Quick thoughts: From the OAuth flow, you receive a unique ID from Facebook ("uid"). You can store that in your users table, and on sign-in check if you have a user with that uid or not. From there you can continue the flow for the user.

deniciocode commented 2 years ago

The question is how to differentiate sign in and sign up.

Steps

I am not sure where to hook in. On the visit to /auth/:provider, is there any chance to pass data (like query params), catch it in a controller and continue with omniauth?

deniciocode commented 2 years ago

I am not sure, but I think by using the state param, I am able to separate a login.

swiknaba commented 2 years ago

Great you found a solution. Thanks for updating the issue :-)
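
The flow discussed in this thread, as an added example that is not part of the original issue or of the omniauth-facebook gem: a callback handler that looks users up by the `uid` from the OAuth flow and refuses to create an account on the sign-in path. It assumes the intent is passed as a query param named `intent` on `/auth/:provider` and read back from OmniAuth's `omniauth.params`; that param name, the `User` struct and the `SocialAuth` class are hypothetical.

```ruby
# Added example: plain Ruby, no Rails. `env` mimics the Rack env on the callback:
# 'omniauth.auth' (provider, uid, info) and 'omniauth.params' (query params
# that were sent to /auth/:provider).
# Assumptions: the `intent` param name, User and SocialAuth are illustrative.
User = Struct.new(:id, :email, :provider, :uid, keyword_init: true)

class SocialAuth
  Result = Struct.new(:status, :user)

  def initialize(users)
    @users = users
  end

  def callback(env)
    auth = env.fetch('omniauth.auth')
    # Client-controlled hint: anything other than "signup" is treated as sign-in.
    intent = env.fetch('omniauth.params', {})['intent'] == 'signup' ? :signup : :signin
    email = auth.dig('info', 'email')

    # Identity is the (provider, uid) pair, never the email address.
    known = @users.find { |u| u.provider == auth['provider'] && u.uid == auth['uid'] }
    return Result.new(:signed_in, known) if known

    # Unknown uid on the sign-in path: refuse instead of silently creating a user.
    return Result.new(:not_registered, nil) if intent == :signin

    # Email already belongs to a password account: do not create or auto-link.
    # Linking should only happen from an authenticated session.
    if email && @users.any? { |u| u.email&.casecmp?(email) }
      return Result.new(:email_taken, nil)
    end

    user = User.new(id: @users.size + 1, email: email,
                    provider: auth['provider'], uid: auth['uid'])
    @users << user
    Result.new(:signed_up, user)
  end
end

# Constructed sample callback env for the demo and tests.
def demo_env(uid, email, intent)
  { 'omniauth.auth' => { 'provider' => 'facebook', 'uid' => uid,
                         'info' => { 'email' => email } },
    'omniauth.params' => { 'intent' => intent } }
end
```

Because `intent` comes from the browser, it only selects which path the user sees; whether an account exists is always decided by the stored `uid`.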