How do I limit Devise routes down to just new/destroy session & OmniAuth routes?

Question

I'm using Devise / OmniAuth (with Facebook login), and I'm trying to limit Devise routes down to just this, because I want to only allow login via Facebook.

                  Prefix Verb     URI Pattern                            Controller#Action
        new_user_session GET      /users/sign_in(.:format)               devise/sessions#new
    destroy_user_session DELETE   /users/sign_out(.:format)              devise/sessions#destroy
 user_omniauth_authorize GET|POST /users/auth/:provider(.:format)        callbacks#passthru {:provider=>/facebook/}
  user_omniauth_callback GET|POST /users/auth/:action/callback(.:format) callbacks#:action

but instead, I can't seem to pare the set of routes down to anything less than this (without also blowing away new_user_session and destroy_user_session):

                  Prefix Verb     URI Pattern                            Controller#Action
        new_user_session GET      /users/sign_in(.:format)               devise/sessions#new
            user_session POST     /users/sign_in(.:format)               devise/sessions#create
    destroy_user_session DELETE   /users/sign_out(.:format)              devise/sessions#destroy
 user_omniauth_authorize GET|POST /users/auth/:provider(.:format)        callbacks#passthru {:provider=>/facebook/}
  user_omniauth_callback GET|POST /users/auth/:action/callback(.:format) callbacks#:action
           user_password POST     /users/password(.:format)              devise/passwords#create
       new_user_password GET      /users/password/new(.:format)          devise/passwords#new
      edit_user_password GET      /users/password/edit(.:format)         devise/passwords#edit
                         PATCH    /users/password(.:format)              devise/passwords#update
                         PUT      /users/password(.:format)              devise/passwords#update
cancel_user_registration GET      /users/cancel(.:format)                registrations#cancel
       user_registration POST     /users(.:format)                       registrations#create
   new_user_registration GET      /users/sign_up(.:format)               registrations#new
  edit_user_registration GET      /users/edit(.:format)                  registrations#edit
                         PATCH    /users(.:format)                       registrations#update
                         PUT      /users(.:format)                       registrations#update
                         DELETE   /users(.:format)                       registrations#destroy

A few other questions (e.g., this one) I've found indicate that :skip in routes.rb can help, e.g.:

devise_for :users, :skip => [:sessions, :registrations]

The problem with that approach is that it blows away new_user_session and destroy_user_session. Basically, I want the user to be able to navigate to a sign in page (new_user_session_path) and sign out (via destroy_user_session_path).

I think I'm missing some fundamental concept here, but I'm not sure what it is. Essentially, I'd like to disable these routes:

• devise/sessions#create (why would I need it if login is always through Facebook)
• devise/passwords#create
• devise/passwords#new
• devise/passwords#edit
• devise/passwords#update
• registrations#cancel
• registrations#create
• registrations#new
• registrations#edit
• registrations#update
• registrations#destroy

How could I accomplish this? (or does what I'm trying to do even make sense?)

Answer 1

You can define individual routes by removing the devise_for call and using devise_scope like so:

# routes.rb

devise_scope :user do
  get 'sign_in', to: 'devise/sessions#new', as: :new_user_session
  delete 'sign_out', to: 'devise/sessions#destroy', as: :destroy_user_session
  # etc...
end

Then, you'll have granular control over the Devise routes.

Hope that helps.