class AuthController < ApplicationController skip_before_action :verify_session def login end def logout session.destroy redirect_to login_path end def auth redirect_to client.auth_code.authorize_url(redirect_uri: ENV['callback_url']) end def callback access_token = client.auth_code.get_token(params[:code], redirect_uri: ENV['callback_url']) session[:token] = access_token.token user_info(access_token) redirect_to accounts_path end private def user_info access_token @user_info ||= JSON.parse(access_token.get(ENV['oauth_path'] + '/api/v3/user').body) session[:name] = @user_info['name'] session[:avatar] = @user_info['avatar_url'] session[:admin] = @user_info['is_admin'] end def client OAuth2::Client.new( ENV['client_key'], ENV['secret_key'], site: ENV['oauth_path'] ) end end