Got the same problem
(google_oauth2) Callback phase initiated.
(google_oauth2) Authentication failure! csrf_detected: OmniAuth::Strategies::OAuth2::CallbackError, csrf_detected | CSRF detected
Last Omniauth-oauth2 update introduced the "state" param has a mandatory field.
Some people suggest using provider_ignores_state: true but it's a bad idea because it introduces csrf flaw
Guess we'll have to downgrade to previous version to keep google_oauth2 working.
Issue it on https://github.com/intridea/omniauth-oauth2/issues/58