Home/ Questions/Q 6555107
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-25T12:46:46+00:00

I was going through devise omniauth documentation and came across the below snippet. It

  • 0

I was going through devise omniauth documentation and came across the below snippet.

It shows an example but in the note suggests that for an actual live app, precautions must be taken.

What kind of precautions could be taken here for an actual live application?

def self.find_for_facebook_oauth(access_token, signed_in_resource=nil)
  data = access_token['extra']['user_hash']
  if user = User.find_by_email(data["email"])
    user
  else # Create a user with a stub password. 
    User.create(:email => data["email"], :password => Devise.friendly_token[0,20]) 
  end
end

note: This is simply an example. your application must take
precautions if using User.find_by_email to link an existing User with
a facebook account.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    The warning is strangely cryptic, but the code snippet suggests that they are referring to the danger of trying to match an existing user account (created directly on the website or through some non-Facebook registration) with a Facebook account based solely on finding a matching email address. Many users would probably end up with a new account created even though they already had one.

    • 0