I have not found a good way of doing this. I am not using :omniauthable either, I’m using OmniAuth and Devise separately as seen in the Railscast episode where there are two tables users and authentications. It’s kinda hacky and only works for Facebook.

Basically, send your access_token from the iPhone to the server over SSL, or something similar. You have to check with OmniAuth first and if you are granted access, then you can manually create a session with OmniAuth by going something like:

I did get something to work by doing this though:

FB = OmniAuth::Strategies::Facebook.new("nothing") 

client = ::OAuth2::Client.new("nothing", "nothing", FB.client_options) 

cached_token = "app_id_part|session_id_part|token_part" # or maybe you sent it from the iPhone
access_token = ::OAuth2::AccessToken.new(client, cached_token)  

FB.instance_variable_set("@access_token", access_token) 

FB.auth_hash 
# You will either get a hash or get this error:
# OAuth2::AccessDenied: Received HTTP 401 during request.

After that you lookup the user info you need to find the user via your Authentications table:

@user = Authentication.where(:uid => FB.auth_hash["uid"], :provider => "facebook").first.user

Now we create a session:

sign_in_and_redirect(:user, @user)

# or, perhaps

sign_in(@user, :bypass => true)