Remove OAuth2 in favor of OmniAuth.

test/rails_app/app/controllers/users/omniauth_callbacks_controller.rb

@@ -0,0 +1,7 @@
+class Users::OmniauthCallbacksController < Devise::OmniauthCallbacksController
+  def facebook
+    data = env["omniauth.auth"]
+    session["devise.facebook_data"] = data
+    render :json => data
+  end
+end

test/rails_app/config/initializers/devise.rb

@@ -148,18 +148,16 @@ Devise.setup do |config|
   # The default HTTP method used to sign out a resource. Default is :get.
   # config.sign_out_via = :get
 
-  # ==> OAuth2
-  # Add a new OAuth2 provider. Check the README for more information on setting
-  # up on your models and hooks. By default this is not set.
-  config.oauth :github, 'APP_ID', 'APP_SECRET',
+  # ==> OmniAuth
+  config.omniauth :github, 'APP_ID', 'APP_SECRET',
     :site              => 'https://github.com/',
     :authorize_path    => '/login/oauth/authorize',
     :access_token_path => '/login/oauth/access_token',
     :scope             => 'user,public_repo'
 
-  config.oauth :facebook, 'APP_ID', 'APP_SECRET',
+  config.omniauth :facebook, 'APP_ID', 'APP_SECRET',
     :site              => 'https://graph.facebook.com/',
-    :scope             => %w(email offline_access)
+    :scope             => 'email,offline_access'
 
   # ==> Warden configuration
   # If you want to use other strategies, that are not supported by Devise, or

test/rails_app/config/routes.rb

@@ -8,7 +8,7 @@ Rails.application.routes.draw do
   resources :admins, :only => [:index]
 
   # Users scope
-  devise_for :users do
+  devise_for :users, :controllers => { :omniauth_callbacks => "users/omniauth_callbacks" } do
     match "/devise_for/sign_in", :to => "devise/sessions#new"
   end
 

test/rails_app/lib/shared_user.rb

@@ -4,45 +4,20 @@ module SharedUser
   included do
     devise :database_authenticatable, :confirmable, :lockable, :recoverable,
            :registerable, :rememberable, :timeoutable, :token_authenticatable,
-           :trackable, :validatable, :oauthable
+           :trackable, :validatable, :omniauthable
 
     # They need to be included after Devise is called.
     extend ExtendMethods
   end
 
   module ExtendMethods
-    def find_for_facebook_oauth(access_token, signed_in_resource=nil)
-      data = ActiveSupport::JSON.decode(access_token.get('/me'))
-      user = signed_in_resource || User.find_by_email(data["email"]) || User.new
-      user.update_with_facebook_oauth(access_token, data)
-      user.save
-      user
-    end
-
     def new_with_session(params, session)
       super.tap do |user|
-        if session[:user_facebook_oauth_token]
-          access_token = oauth_access_token(:facebook, session[:user_facebook_oauth_token])
-          user.update_with_facebook_oauth(access_token)
+        if data = session["devise.facebook_data"]
+          user.username = data["nickname"]
+          user.email    = data["email"]
         end
       end
     end
   end
-
-  def update_with_facebook_oauth(access_token, data=nil)
-    data ||= ActiveSupport::JSON.decode(access_token.get('/me'))
-
-    self.username = data["username"] unless username.present?
-    self.email    = data["email"] unless email.present?
-
-    self.confirmed_at ||= Time.now
-    self.facebook_token = access_token.token
-
-    unless encrypted_password.present?
-      self.password = Devise.friendly_token[0, 10]
-      self.password_confirmation = nil
-    end
-
-    yield self if block_given?
-  end
 end