First you need to add setup: true to update the list of service permissions:
Devise.setup do |config| config.omniauth :facebook, ENV['FACEBOOK_KEY'], ENV['FACEBOOK_SECRET'], :scope => 'email,offline_access,user_about_me', :setup => true end
Add two routes to routes.rb :
devise_scope :user do get '/users/auth/:provider/upgrade' => 'omniauth_callbacks#upgrade', as: :user_omniauth_upgrade get '/users/auth/:provider/setup', :to => 'omniauth_callbacks#setup' end
The first route is what the user should be connected to using user_omniauth_upgrade_path(:facebook) . The second configuration route is a callback that omniauth will call internally, and we can use to change the scope parameter.
They go into omniauth_callbacks_controller.rb :
def upgrade scope = nil if params[:provider] == "facebook" scope = 'email,offline_access,user_about_me,publish_stream' end redirect_to user_omniauth_authorize_path(params[:provider]), flash: {scope: scope} end
When you specify setup: true inside omniauth configuration, setup_path is called by default. We will use this to change the default scope in the strategy. Add this to omniauth_callbacks_controller.rb :
def setup request.env['omniauth.strategy'].options['scope'] = flash[:scope] || request.env['omniauth.strategy'].options['scope'] render :text => "Setup complete.", :status => 404 end
Finally, in your views, you can add:
<%= link_to "Upgrade Access", user_omniauth_upgrade_path(:facebook) %>
Source: http://willschenk.com/setting-up-devise-with-twitter-and-facebook-and-other-omniauth-schemes-without-email-addresses/#passing-dynamic-scopes-to-omniauth