You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Using develper strategy, callback should be provided with valid token
Actual Behavior
Goes to auth/developer login form correctly, but then raises following error instead of returning to auth/developer/callback which routes to sessions#create:
ActionController::InvalidAuthenticityToken in SessionsController#create
ActionController::InvalidAuthenticityToken
Steps to Reproduce
Register or Log In with Developer
Click on above link which is on login page.
Register or Log In with GitHub
Register or Log In with Facebook
Other links work normally, also passes Cucumber tests in test mode.
Only problem is that I need to do an end run on actual authentication while I'm in develper mode so actual providers aren't abused.
Let me know which files I should include.
The text was updated successfully, but these errors were encountered:
I found this in another section of the Wiki:
Rails session is clobbered after callback on Developer strategy
The developer strategy callback is sent using POST request. Disable forgery protection for given action, otherwise session will be clobbered by rails.
Is this before_action being handled by omniauth itself, or should I add it to my controllers when NOT in developer mode?
It looks as though this scheme works by just adding that line in developer mode, and deleting it in production, which seems pretty unreliable. Is there a way to enforce it automatically instead?
cycomachead
added a commit
to cycomachead/omniauth
that referenced
this issue
Mar 3, 2023
The changes the default method of the :developer strategy to GET.
It does this by allowing OmniAuth::Form to accept a `:method` option,
which is optional and defaults to 'post', the current behavior.
Because the default behavior remains unchanged, I don't expect this to
introduct any breaking changes.
This allows the developer strategy to work with the directions provided
in the README. Further, it seems that the default action of most
stratigies is to use GET for their callbacks.
Fixesomniauth#1087Fixesomniauth#1061Fixesomniauth#957
Please complete all sections.
Configuration
omniauth*
#.lock shows omniauth (1.9.0)2.4.0
ubuntu
#on cloud 9 ideExpected Behavior
Using develper strategy, callback should be provided with valid token
Actual Behavior
Goes to auth/developer login form correctly, but then raises following error instead of returning to auth/developer/callback which routes to sessions#create:
ActionController::InvalidAuthenticityToken in SessionsController#create
ActionController::InvalidAuthenticityToken
Steps to Reproduce
Register or Log In with Developer
Click on above link which is on login page.
Register or Log In with GitHub
Register or Log In with Facebook
Other links work normally, also passes Cucumber tests in test mode.
Only problem is that I need to do an end run on actual authentication while I'm in develper mode so actual providers aren't abused.
Let me know which files I should include.
The text was updated successfully, but these errors were encountered: