I have a platform.domain.com and a domain.com.
The platform.domain.com is running a rails application, which uses the omniauth-auth0 gem and the devise omniauth integration.
What I’m trying to achieve is to have a button/link on the domain.com page, which redirects the user to the login flow and after the user logs in- get redirected to the platform.domain.com page and they should be logged in the app.
The link I’m using is:
https://tenant.auth0.com/authorize?response_type=code&client_id=CLIENT_ID&process=status_page&state=SOME_STATE&redirect_uri=https://platform.domain.com/users/auth/auth0/callback
I get redirected correctly to my tenants log in page, enter my credentials, click log in and it correctly logs me into Auth0 BUT it does not log me into my app and the logs in my rails app are the following:
INFO -- : [request-id] Started GET "/users/auth/auth0/callback?code=CODE&state=STATE" for SOME_IP at 2022-03-25 16:33:58 +0000
DEBUG -- omniauth: (auth0) Callback phase initiated.
ERROR -- omniauth: (auth0) Authentication failure! csrf_detected: OmniAuth::Strategies::OAuth2::CallbackError, csrf_detected | CSRF detected
INFO -- : [request-id] Processing by Users::OmniauthCallbacksController#failure as HTML
INFO -- : [request-id] Parameters: {"code"=>"CODE", "state"=>"STATE"}
Clicking the log in link AGAIN on platform.domain.com after it has failed logs me in correctly.
What can I do to be able to have a log in button/link on domain.com which successfully logs me into platform.domain.com, without needing to click a ‘Log In’ button twice.