[Question] How to better ask for more oauth permissions?

[Luis Solano]

Hi

I use Devise to do the oauth with Github for my users. On login we ask for two basic scopes (for regular users) but if a user wants to perform some action (like setting up a new github organization in our product) we need to require some other scopes in addition to the ones we asked already.

I got it working for the most part the question is about how to better put everything together. This is the timeline of events:

1) User login (scope email)

2) User wants to perform setup action (POST /organizations)

3) in POST /organizations we check for the scopes of the current user and redirect to github to ask for the extra permissions if needed

4) User accepts the permissions and we get the oauth callback in the callbacks controller.

What I want is to continue with the process have at POST /organizations but the callback is in a different controller (obviously).

I've looked into `omniauth.origin` but that will only work for a GET redirect and this is a POST.

Any ideas how to better structure a solution for this?

Thank you!

- Luis