newBike
Reputation: 15002
Omniauth devise Authentication failure! csrf_detected:
I got the Authentication failure! csrf_detected: so that I couldn't login with omniauth.
I followed this tutorial
and I found similar issue here,
But there are no luck for my problem till now.
Any idea for fixing the error ? Thanks
E, [2015-06-27T10:40:06.028200 #18798] ERROR -- omniauth: (facebook) Authentication failure! csrf_detected: OmniAuth::Strategies::OAuth2::CallbackError, csrf_detected | CSRF detected
Gems
* devise (3.5.0)
* omniauth (1.2.2)
* omniauth-facebook (2.0.0)
* omniauth-oauth2 (1.3.1)
/app/controllers/application_controller.rb
protect_from_forgery with: :exception
-
+ before_action :authenticate_user!
/app/models/user.rb
devise :database_authenticatable, :registerable,
+ :omniauthable, :omniauth_providers => [:facebook]
+ def self.from_omniauth(auth)
+ where(provider: auth.provider, uid: auth.uid).first_or_create do |user|
+ binding.pry
+ user.provider = auth.provider
+ user.uid = auth.uid
+ user.email = auth.info.email
+ user.password = Devise.friendly_token[0,20]
+ end
+ end
+
/config/initializers/omniauth.rb
+Rails.application.config.middleware.use OmniAuth::Builder do
+ provider :facebook, ENV['FACEBOOK_KEY'], ENV['FACEBOOK_SECRET'],
+ :scope => 'email'
+end
Error log from console (how to trace it?)
Started GET "/users/auth/facebook/callback?code=AQDZC-Ny2PI-UwunCNi29mx4YGKT&state=cf896d3decffe2a7a664315e050a1165a290477542ff7d33" for 127.0.0.1 at 2015-06-27 10:40:05 +0800
I, [2015-06-27T10:40:05.255832 #18798] INFO -- omniauth: (facebook) Callback phase initiated.
I, [2015-06-27T10:40:06.028051 #18798] INFO -- omniauth: (facebook) Callback phase initiated.
E, [2015-06-27T10:40:06.028200 #18798] ERROR -- omniauth: (facebook) Authentication failure! csrf_detected: OmniAuth::Strategies::OAuth2::CallbackError, csrf_detected | CSRF detected
Processing by CallbacksController#failure as HTML
Parameters: {"code"=>"AQDZC-Ny2PI-UwunCNi29mx4YGKTuHDeP2X2X-leywO14gr_iHLvXxX1LpV5WteUrQHpX-uc0Z01wcjy4XHA9CBkZeSo4qRb7jXdvPLfQl6mgwbMrFuQb1_55KughvtMWMlZ_7YEhtiLoEZH_2EvGXLbuKkUq", "state"=>"cf896d3decffe2a7a663"}
routes
+ devise_for :users, :controllers => { :omniauth_callbacks => "callbacks" }
Upvotes: 7
Views: 5004
Answers (1)
smaclell
Reputation: 4658
It looks like you also asked this question on the Omniauth Facebook Github Repo. It didn't look like there was a solid answer there either.
@dmcbrayer did suggest changing your initializer to look like:
Rails.application.config.middleware.use OmniAuth::Builder do
provider :facebook, ENV['FACEBOOK_KEY'], ENV['FACEBOOK_SECRET'],
:scope => 'email',
:info_fields => 'email'
end
This was due to an API change on facebook side which required you to explicitly ask for info_fields.
The maintainer @mkdynamic also wanted you to verify whether it was fixed in a newer version (3.0.0 at the time).
Upvotes: 0
Related Questions
- OmniAuth::NoSessionError - You must provide a session to use OmniAuth. (configured in devise)
- Rails 4 + omniauth facebook - csrf detected
- Cannot getting devise omniauthable working
- omniauth google-oauth2 with devise - invalid_credentials and "Csrf detected"
- OmniAuth + Devise + Rails 3 fails in production with Error::EACCES
- Setting up devise+omniauth in rails, keep getting a routing error after 'login'
- Rails 4: devise and omniauthable error
- devise + omniauth auth/failure?message=invalid_credentials
- OmniAuth Invalid Response Error
- OmniAuth Single Sign On with Devise, invalid_credentials