Programmatically log a user in (outside of Rodauth routes)

[aguynamedben]

What's the recommended way to programmatically log a user in?

Is it something like this?

rodauth.account_from_id(account.id)
rodauth.autologin_session("my_special_reason")

Can the autologin_type value passed to rodauth.autologin_session be any arbitrary string? Is this value stored in the session cookie or something like that? I was expecting a simple API similar to Devise, i.e. sign_in(user). This seems to be working, but it was a struggle reading through the guides, API docs, and examples.

Use case: I'm programmatically creating Accounts from an OAuth response (OmniAuth auth_hash). I have the right Account, I'm just not sure which rodauth API call(s) log the user in. Right now in my controller I have:

[jeremyevans]

You may want to use login("omniauth") or login_session("omniauth") instead. login handles more, and you could potentially reduce the amount of custom code using it.

Here's what autologin_session does:

    def autologin_session(autologin_type)
      login_session('autologin')
      set_session_value(autologin_type_session_key, autologin_type)
    end

Here's what login does:

    def login(auth_type)
      @saved_login_redirect = remove_session_value(login_redirect_session_key)
      transaction do
        before_login
        login_session(auth_type)
        yield if block_given?
        after_login
      end
      require_response(:_login_response)
    end

As you can see, both call login_session, which does:

    def login_session(auth_type)
      update_session
      set_session_value(authenticated_by_session_key, [auth_type])
    end

Not sure if you were aware of it, but you may want to consider using rodauth-omniauth instead of custom code.

[aguynamedben]

Thank you very much @jeremyevans. 🙏 That is very helpful. I see in the code now. I'm still finding my way around the way Rodauth executes and exposes it's API. Thank you for the work you put into Rodauth, I'm loving it.

---

Re: rodauth-omniauth, here's the research journey I went on. I'm open to feedback, but feel free to ignore as well :) rodauth-omniauth worked very well out of the box, but this part of the README caught my attention:

There is currently also no built-in functionality for connecting/removing external identities when signed in. Both features are planned for future versions.

If I want a different OAuth <-> Account logic, for example—a single Account in my system can be authenticated with multipele GitHub accounts—it seems I would end up needing a custom OmniAuth callback controller anyway. I have a lot of experience with OmniAuth, so it's a "devil I know" I'm comfortable managing. I want to avoid "fighting with rodauth-omniauth", even though I agree that library provides a great default account creation flow.

I'm happy to provide feedback if you think the that flow could be implemented. I had success with the "happy path":

• app/models/account.rb - Rails model on top of Rodauth "accounts" table
• app/models/account_identity.rb - Rails model on top of rodauth-omniauth "account_identities" table. I think I could customize the fields here as I would need
• Auth worked, I could create an account and sign-in with a GitHub account very easily.

However it got more fuzzy around here:

• app/models/user.rb - my own user profile for fields like first_name, last_name, etc. I could customize omniauth_identity_update_hash to provide a nested Hash, i.e. account.account_identities.first_name, account.account_identities.last_name and trust the Account model to save those via the ActiveRecord relationship.
• I'm not sure how I would implement 1 account -> 2 account_identities in the callback phase with rodauth-omniauth. I could customize omniauth_before_callback_phase but I'm that executes in the Rodauth context and seems like I'd be mucking around in rodauth-omniauth's world at that point. It seems simpler to just have a custom Omniauth callback controller that lets me do whatever I need to do.

Again, thank you for the work you put into Rodauth, I'm loving it.

[jeremyevans]

Sorry for the delay in responding. Just wanted to thank you for providing this context.