Please include the following information in your post:
- Which SDK this is regarding: e.g. omniauth-auth0 ruby gem
- SDK Version: latest version 2.5.0
- Platform Version: e.g. Ruby 2.5.8, rails version ‘5.0.7.2’
- Code Snippets/Error Messages/Supporting Details/Screenshots:
ERROR -- omniauth: (auth0) Authentication failure! csrf_detected: OmniAuth::Strategies::OAuth2::CallbackError, csrf_detected | CSRF detected
I am using the Ruby on Rails guide located on the Auth0 website and the omniauth-auth0 gem page.
Every time the authentication calls back to my application, I get the following error:
ERROR -- omniauth: (auth0) Authentication failure! csrf_detected: OmniAuth::Strategies::OAuth2::CallbackError, csrf_detected | CSRF detected
At this point I’m not really sure what to try. It works fine locally but the issue occurs when I deploy my application to a deployed environment.
```
INFO -- : Completed 406 Not Acceptable in 11ms
INFO -- : Processing by Auth0Controller#failure as HTML
INFO -- : Parameters: {"message"=>"csrf_detected", "strategy"=>"auth0"}
INFO -- : Started GET "/auth/failure?message=csrf_detected&strategy=auth0"
ERROR -- omniauth: (auth0) Authentication failure! csrf_detected: OmniAuth::Strategies::OAuth2::CallbackError, csrf_detected | CSRF detected
INFO -- omniauth: (auth0) Callback phase initiated.
INFO -- : Started GET "/auth/auth0/callback?code=Ea4jPvhH7aeRzCtF&state=005abdb28c023f519cc41268b657e8e32f3a3dda9031499f"
"GET /auth/auth0/callback?code=Ea4jPvhH7aeRzCtF&state=005abdb28c023f519cc41268b657e8e32f3a3dda9031499f HTTP/1.1" 302 0 9 "https://login.microsoftonline.com/"
INFO -- omniauth: (auth0) Request phase initiated.
INFO -- : Started POST "/auth/auth0" for 10.176.126.32 at 2021-01-27 23:28:54 +0000
```
At this point I am not sure what even to try. Has anyone any ideas what this could be and how it could be resolved? Let me know if I can provide any further information.
I was getting a cookie overflow so I changed the session store in the initializer as per the guide:
```ruby
Rails.application.config.session_store :cache_store, key: '_myapp_session'
```
If I remove this I get a cookie overflow error.
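
The check that produces `csrf_detected`, modeled as an added example (not part of the original post and not omniauth-oauth2's own source): the request phase stores a random `state` in the session, and the callback must return the same value exactly once. The `AppInstance` class, the hash-backed session backends, and the scenarios are assumptions, chosen to show how the result depends on whether the instance serving the callback can read the session written during the request phase.

```ruby
require "securerandom"
# Simplified model of the OAuth2 state check (hypothetical class, not gem source).
# `backend` stands in for a server-side session store: the browser cookie holds
# only the session id (sid); the session data lives in the backend.
class AppInstance
  def initialize(backend)
    @backend = backend
  end

  # Request phase: bind a fresh random state to the session, send it to the IdP.
  def request_phase(sid)
    state = SecureRandom.hex(24)
    @backend[sid] = @backend.fetch(sid, {}).merge("omniauth.state" => state)
    state
  end

  # Callback phase: the state is single-use and must equal the stored value.
  def callback_phase(sid, returned)
    session = @backend.fetch(sid, {}).dup
    expected = session.delete("omniauth.state")
    @backend[sid] = session
    return :csrf_detected if returned.to_s.empty? || expected.nil?
    constant_time_eq?(returned, expected) ? :ok : :csrf_detected
  end

  private
  def constant_time_eq?(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end

# Constructed scenarios: the sid cookie is the same in both phases; what varies
# is whether the instance serving the callback can read the stored session.
def outcomes
  sid = SecureRandom.hex(16)
  shared = {}                                      # one backend every instance uses
  a, b = AppInstance.new(shared), AppInstance.new(shared)
  c, d = AppInstance.new({}), AppInstance.new({})  # per-process memory
  state = a.request_phase(sid)
  via_shared = b.callback_phase(sid, state)
  replayed = b.callback_phase(sid, state)          # state was already consumed
  per_process = d.callback_phase(sid, c.request_phase(sid))
  a.request_phase(sid)
  forged = a.callback_phase(sid, SecureRandom.hex(24))
  { shared_backend: via_shared, replayed_state: replayed,
    per_process_backend: per_process, forged_state: forged }
end
puts outcomes.inspect
```

In this model only the flow whose callback can read the session written in the request phase passes; a missing session, a reused state, and a mismatched state all fail the same way, so the error alone does not say which one occurred.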