
I'm getting this

OmniAuth::Strategies::OAuth2::CallbackError at /auth/google/callback csrf_detected | CSRF detected

My code:

require 'sinatra'
require "sinatra/json"
require "sinatra/config_file"
require 'omniauth-oauth2'
require 'omniauth-google-oauth2'

use Rack::Logger

config_file "config/app_config.yml"
use Rack::Session::Cookie, secret: '5fb7w345y3489f523y4h'

configure do
  # enable :sessions also inserts a Rack::Session::Cookie middleware,
  # in addition to the one added explicitly above
  enable :sessions
end

use OmniAuth::Builder do
  provider :google_oauth2, settings.google[:client_id], settings.google[:secret],
      :scope => "userinfo.profile",
      :access_type => "offline",
      :prompt => "select_account consent",
      :name => "google"
end

get '/list' do
  json get_list
end

get '/' do
  %Q|<a href='/auth/google'>Sign in with Google</a>|
end

# OmniAuth redirects here after the provider's callback phase succeeds
get '/auth/:name/callback' do
  @auth = request.env['omniauth.auth']
end

My callback is returning both code and state.

Solution 3

Got the same problem

(google_oauth2) Callback phase initiated.
(google_oauth2) Authentication failure! csrf_detected: OmniAuth::Strategies::OAuth2::CallbackError, csrf_detected | CSRF detected

The last omniauth-oauth2 update introduced the "state" param as a mandatory field.

Some people suggest using provider_ignores_state: true, but it's a bad idea because it introduces a CSRF flaw.

Guess we'll have to downgrade to the previous version to keep google_oauth2 working.

Issue on https://github.com/intridea/omniauth-oauth2/issues/58

Other tips

This problem occurs with rails when the domain defined in /config/initializer/session_store.rb is different from the origin/redirect_uri defined in the google api console.

MyApp::Application.config.session_store :cookie_store, key: '_app_session', domain: 'my_app.com'

Removing the domain params or using the same domain on both sides fixed the problem.

If you are using Devise with OmniAuth, you need to skip the extra omniauth.rb initializer file and simply add config.provider "KEY", "SECRET" inside your initializers/devise.rb, and then carry on with your implementation.

Are you hitting back and reattempting to log in? I was getting this issue and it was really confusing me, but it was because I was going back to retry. If I typed in the address again, I wouldn't get the issue.
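To make concrete what Solution 3 means by the state check (and why provider_ignores_state: true reopens a CSRF hole), and what the "hitting back and retrying" tip looks like from the server's side, here is an added example of the OAuth2 state round trip. It is not code from omniauth-oauth2 or from any poster on this page; StateCheck, the 'omniauth.state' session key, the plain Hash standing in for a Rack session, and the constructed code/state values are all assumptions made for the illustration.

```ruby
require 'securerandom'
require 'uri'

# Hypothetical minimal model of the "state" check an OAuth2 client performs.
# The session is a plain Hash here instead of a Rack session.
module StateCheck
  SESSION_KEY = 'omniauth.state'

  # Request phase: mint an unguessable state, remember it in this browser's
  # session, and send it along in the authorization redirect.
  def self.request_phase(session, authorize_url)
    state = SecureRandom.hex(24)
    session[SESSION_KEY] = state
    "#{authorize_url}?state=#{state}"
  end

  # Callback phase: the state the provider sends back must equal the one this
  # session issued. The stored copy is consumed so a callback cannot be replayed.
  # ignore_state: true models provider_ignores_state: true (no check at all).
  def self.callback_phase(session, params, ignore_state: false)
    expected = session.delete(SESSION_KEY)
    return :ok if ignore_state
    given = params['state'].to_s
    return :csrf_detected if expected.nil? || given.empty?
    secure_compare?(expected, given) ? :ok : :csrf_detected
  end

  # Constant-time string comparison so the check does not leak via timing.
  def self.secure_compare?(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).inject(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end

AUTHORIZE_URL = 'https://accounts.google.com/o/oauth2/auth' # constructed, not a live endpoint

def state_from(url)
  URI.decode_www_form(URI(url).query).to_h['state']
end

# Scenario 1: the normal flow. The state issued in the request phase comes back
# unchanged on the callback, so the login is accepted.
def legitimate_flow
  session = {}
  url = StateCheck.request_phase(session, AUTHORIZE_URL)
  StateCheck.callback_phase(session, { 'code' => 'constructed-code', 'state' => state_from(url) })
end

# Scenario 2: a callback reaches the app for a session that never started a
# login (a cross-site request carrying somebody else's authorization code).
# With the check on it is rejected; with provider_ignores_state it is accepted,
# which is the CSRF flaw Solution 3 warns about.
def mismatched_flow(ignore_state:)
  session = {}
  StateCheck.callback_phase(session, { 'code' => 'constructed-code', 'state' => 'not-issued' },
                            ignore_state: ignore_state)
end

# Scenario 3: the same callback submitted twice, which is what pressing Back and
# retrying does. The first succeeds and consumes the state; the second has
# nothing to match against and is reported as csrf_detected.
def replayed_callback
  session = {}
  url = StateCheck.request_phase(session, AUTHORIZE_URL)
  params = { 'code' => 'constructed-code', 'state' => state_from(url) }
  first = StateCheck.callback_phase(session, params)
  second = StateCheck.callback_phase(session, params)
  [first, second]
end

if __FILE__ == $PROGRAM_NAME
  puts "legitimate: #{legitimate_flow}"
  puts "forged, check on:  #{mismatched_flow(ignore_state: false)}"
  puts "forged, check off: #{mismatched_flow(ignore_state: true)}"
  puts "replayed: #{replayed_callback.inspect}"
end
```

Scenario 3 also explains why a session store that the callback request cannot read (the domain mismatch and the doubled session middleware mentioned elsewhere on this page) surfaces as csrf_detected rather than as a session error: from the state check's point of view, a missing stored state and a forged one look the same.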

License: CC-BY-SA with attribution