Expire all /_oauth_token$/ keys in session after sign in, so if two users create accounts in the same session, the facebook account will be linked just to the first one.

test/rails_app/db/migrate/20100401102949_create_tables.rb

@@ -1,27 +1,27 @@
 class CreateTables < ActiveRecord::Migration
   def self.up
-    [:users, :admins, :accounts].each do |table|
-      create_table table do |t|
-        t.database_authenticatable :null => (table == :admins)
+    create_table :users do |t|
+      t.string :username
+      t.database_authenticatable :null => false
+      t.confirmable
+      t.recoverable
+      t.rememberable
+      t.trackable
+      t.lockable
+      t.token_authenticatable
+      t.timestamps
+    end
 
-        if table != :admin
-          t.string :username
-          t.confirmable
-          t.recoverable
-          t.rememberable
-          t.trackable
-          t.lockable
-          t.token_authenticatable
-        end
-
-        t.timestamps
-      end
+    create_table :admins do |t|
+      t.database_authenticatable :null => true, :encryptor => :bcrypt
+      t.recoverable
+      t.lockable
+      t.timestamps
     end
   end
 
   def self.down
-    [:users, :admins, :accounts].each do |table|
-      drop_table table
-    end
+    drop_table :users
+    drop_table :admins
   end
 end