I was playing with the omniauth-github gem in a Trailblazer/Sinatra application, with the basic setup as described in the README. When hitting /auth/github manually, something happened, but then I’d get an exception on my side saying the following.
ERROR -- omniauth: (github) Authentication failure! csrf_detected: OmniAuth::Strategies::OAuth2::CallbackError, csrf_detected | CSRF detected
E, [2017-12-10T19:09:08.951604 #9111] ERROR -- omniauth: (github) Authentication failure! invalid_credentials: OmniAuth::Strategies::OAuth2::CallbackError, csrf_detected | CSRF detected
An hour of googling, clearing cookies and revoking access on GitHub didn’t help. I could see the authentication must have worked on the GitHub side.
It turned out that my callback route was the problem.
# omniauth
get '/auth/:provider/callback' do
  pp request.env['omniauth.auth']
end
The catch is that pp returns the object it just printed, so the route's return value was the omniauth.auth hash rather than a string. Sinatra uses any return value that responds to each as the response body, so Rack was handed a hash instead of a body of strings, and the callback misbehaved to the point that the authentication appeared to happen twice. I changed the method to this and suddenly it worked.
# omniauth
get '/auth/:provider/callback' do
  pp request.env['omniauth.auth']
  "worked!" # Rack will now understand this as a valid response
end
I hope this will help anyone struggling with the same nasty issue. Yay!
Update: I found out that another problem was that I am using Rack::Cascade to run two “applications”, both of which were issuing their own session cookies, and I had to make the omniauth-using application (Web) the first one. Rack::Cascade tries the apps in order and only falls through to the next one on a 404 (or 405). With two session middlewares writing the same cookie, the random state that omniauth-oauth2 stores in the session during /auth/github can be overwritten before the callback arrives; the callback then finds no matching state for the one GitHub echoes back, which is exactly what csrf_detected reports.
run Rack::Cascade.new([Web, Application])
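As an added worked example (not code from this post, omniauth or Sinatra), here is a stand-alone Ruby model of both problems described above: the state check behind csrf_detected, run once with an intact session and once with a session that was clobbered between the redirect and the callback, and the difference between returning pp's result and returning a string from the route. Everything in it is constructed for illustration: the session is a plain Hash standing in for the rack.session cookie, the authorize URL and client id are placeholders, and rack_body_for only approximates Sinatra's rule for a route block's return value.

```ruby
require 'securerandom'
require 'pp'

# Constructed model (example code, not omniauth's or Sinatra's own) of the
# OAuth2 state check that produces "csrf_detected" and of what happens to a
# Sinatra route block's return value. The session is a plain Hash standing
# in for the rack.session cookie.

STATE_KEY = 'omniauth.state'.freeze

# Constant-time string comparison so the state check does not leak timing.
# Rack::Utils.secure_compare does the same; reimplemented here to avoid the gem.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  left = a.unpack('C*')
  diff = 0
  b.each_byte { |byte| diff |= byte ^ left.shift }
  diff.zero?
end

# Request phase (/auth/:provider): mint a random state, remember it in the
# session, and send the browser to the provider with it. Hypothetical URL.
def request_phase(session, client_id: 'example-client-id')
  state = SecureRandom.hex(24)
  session[STATE_KEY] = state
  "https://github.com/login/oauth/authorize?client_id=#{client_id}&state=#{state}"
end

# Callback phase (/auth/:provider/callback): the state the provider echoes
# back must match the one in the session. The stored state is consumed either
# way, so a mismatch cannot be retried against the same value.
def callback_phase(session, params)
  expected = session.delete(STATE_KEY)
  echoed = params['state']
  if expected.nil? || echoed.nil? || !secure_compare(expected, echoed)
    return [:error, :csrf_detected]
  end
  # Constructed stand-in for request.env['omniauth.auth'].
  [:ok, { 'provider' => 'github', 'uid' => '12345', 'code' => params['code'] }]
end

# Full round trip. With lose_session: true the session between the redirect
# and the callback is replaced by an empty one, as happens when another app
# in a Rack::Cascade overwrites the session cookie.
def simulate(lose_session: false)
  session = {}
  location = request_phase(session)
  echoed_state = location[/state=([0-9a-f]+)/, 1]
  session = {} if lose_session
  callback_phase(session, 'code' => 'deadbeef', 'state' => echoed_state)
end

# Sinatra's rule for a route block's return value, approximated: a String
# becomes a one-element body, anything that responds to each is used as-is.
def rack_body_for(result)
  return [result] if result.is_a?(String)
  return result if result.respond_to?(:each)
  raise ArgumentError, "route returned #{result.class}, not a body"
end

# A Rack body must yield only Strings from each; a Hash yields [key, value]
# pairs instead, which is why the first version of the route broke.
def valid_rack_body?(body)
  parts = []
  body.each { |part| parts << part }
  parts.all? { |part| part.is_a?(String) }
end

# The post's first callback: pp returns the object it printed, so the route
# hands Sinatra the auth hash itself.
def buggy_route(auth)
  pp auth
end

# The post's fix: print for debugging, then return a String as the body.
def fixed_route(auth)
  pp auth
  'worked!'
end
```

Running simulate with the session intact returns [:ok, ...]; running it with lose_session: true returns [:error, :csrf_detected], which is the same failure the cascade ordering caused. The two route functions show the body difference: buggy_route returns the hash, whose each yields pairs, while fixed_route returns a string.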