All geek questions in one place

Omniauth Error Authentication Error! csrf_detected:

I got Authentication failure! csrf_detected: Authentication failure! csrf_detected: so that I cannot log in with omniauth.

I followed this tutorial

and I found a similar problem here ,

But still there is no my luck.

Any idea for fixing a bug? Thanks

 E, [2015-06-27T10:40:06.028200 #18798] ERROR -- omniauth: (facebook) Authentication failure! csrf_detected: OmniAuth::Strategies::OAuth2::CallbackError, csrf_detected | CSRF detected

Gems

  * devise (3.5.0) * omniauth (1.2.2) * omniauth-facebook (2.0.0) * omniauth-oauth2 (1.3.1)

/app/controllers/application_controller.rb

  protect_from_forgery with: :exception - + before_action :authenticate_user!

/app/models/user.rb

  devise :database_authenticatable, :registerable, + :omniauthable, :omniauth_providers => [:facebook] + def self.from_omniauth(auth) + where(provider: auth.provider, uid: auth.uid).first_or_create do |user| + binding.pry + user.provider = auth.provider + user.uid = auth.uid + user.email = auth.info.email + user.password = Devise.friendly_token[0,20] + end + end +

/config/initializers/omniauth.rb

 +Rails.application.config.middleware.use OmniAuth::Builder do + provider :facebook, ENV['FACEBOOK_KEY'], ENV['FACEBOOK_SECRET'], + :scope => 'email' +end

Error log from the console (how to track it?)

 Started GET "/users/auth/facebook/callback?code=AQDZC-Ny2PI-UwunCNi29mx4YGKT&state=cf896d3decffe2a7a664315e050a1165a290477542ff7d33" for 127.0.0.1 at 2015-06-27 10:40:05 +0800 I, [2015-06-27T10:40:05.255832 #18798] INFO -- omniauth: (facebook) Callback phase initiated. I, [2015-06-27T10:40:06.028051 #18798] INFO -- omniauth: (facebook) Callback phase initiated. E, [2015-06-27T10:40:06.028200 #18798] ERROR -- omniauth: (facebook) Authentication failure! csrf_detected: OmniAuth::Strategies::OAuth2::CallbackError, csrf_detected | CSRF detected Processing by CallbacksController#failure as HTML Parameters: {"code"=>"AQDZC-Ny2PI-UwunCNi29mx4YGKTuHDeP2X2X-leywO14gr_iHLvXxX1LpV5WteUrQHpX-uc0Z01wcjy4XHA9CBkZeSo4qRb7jXdvPLfQl6mgwbMrFuQb1_55KughvtMWMlZ_7YEhtiLoEZH_2EvGXLbuKkUq", "state"=>"cf896d3decffe2a7a663"}

routes

 + devise_for :users, :controllers => { :omniauth_callbacks => "callbacks" }
+6
source share
1 answer

It looks like you also asked this question on the Omniauth Facebook Github Repo. It does not seem that there was a firm answer.

@dmcbrayer suggested changing your initializer to look like this:

 Rails.application.config.middleware.use OmniAuth::Builder do provider :facebook, ENV['FACEBOOK_KEY'], ENV['FACEBOOK_SECRET'], :scope => 'email', :info_fields => 'email' end

This was due to a change in the API on the facebook side, in which you had to explicitly request info_fields .

The maintainer @mkdynamic also wanted you to check if it was fixed in a newer version (3.0.0 at the time).

0
source

Source: https://habr.com/ru/post/989848/

More articles:


All Articles