Solved: omniauth-github fails to authenticate

I was playing with the omniauth-github gem in a Trailblazer/Sinatra application with the basic setup as described per README. When hitting /auth/github manually, something happened, but then I’d get an exception on my side saying the following.

ERROR -- omniauth: (github) Authentication failure! csrf_detected: OmniAuth::Strategies::OAuth2::CallbackError, csrf_detected | CSRF detected
E, [2017-12-10T19:09:08.951604 #9111] ERROR -- omniauth: (github) Authentication failure! invalid_credentials: OmniAuth::Strategies::OAuth2::CallbackError, csrf_detected | CSRF detected

An hour of googling, clearing cookies and revoking access on Github didn’t help. I could see the authentication must have worked on the Github side.

It turned out that my accepting callback method was the problem.

# omniauth
get '/auth/:provider/callback' do
  pp request.env['omniauth.auth']

The result from the pp method is an array and Rack interpreted this somehow, causing the authentication to happen twice. I randomly changed the method to this and suddenly it worked.

# omniauth
get '/auth/:provider/callback' do
  pp request.env['omniauth.auth']
  "worked!" # Rack will now understand this as a valid response

I hope this will help anyone struggling with the same nasty issue. Yay!

 Update: I found out that another problem was I am using Rack::Cascade to run two “applications”, both were issuing cookies, and I had to make the omniauth-using application (Web) the first one.

run[Web, Application])

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s