OmniAuth::AuthenticityError

[princeBacancy]

Started POST "/auth/linkedin" for ::1 at 2021-05-25 18:08:07 +0530 D, [2021-05-25T18:08:07.525231 #36353] DEBUG -- omniauth: (linkedin) Request phase initiated. W, [2021-05-25T18:08:07.525652 #36353] WARN -- omniauth: Attack prevented by OmniAuth::AuthenticityTokenProtection E, [2021-05-25T18:08:07.525704 #36353] ERROR -- omniauth: (linkedin) Authentication failure! authenticity_error: OmniAuth::AuthenticityError, Forbidden E, [2021-05-25T18:08:07.525806 #36353] ERROR -- omniauth: (linkedin) Authentication failure! Forbidden: OmniAuth::AuthenticityError, Forbidden

OmniAuth::AuthenticityError (Forbidden):

getting this error.

[kakas]

I got the same errors today. I found the problem is related to the version of OmniAuth. When you use omniauth > 2.0, you should explicit the version of omniauth-rails_csrf_protection to 1.0

reference: https://github.com/omniauth/omniauth/wiki/Upgrading-to-2.0#rails

Gemfile

gem 'omniauth-linkedin-oauth2', '~> 1.0'
gem 'omniauth-rails_csrf_protection', '~> 1.0'

part of my Gemfile.lock

    oauth2 (2.0.6)
      faraday (>= 0.17.3, < 3.0)
      jwt (>= 1.0, < 3.0)
      multi_xml (~> 0.5)
      rack (>= 1.2, < 3)
      rash_alt (>= 0.4, < 1)
      version_gem (~> 1.1)
    omniauth (2.1.0)
      hashie (>= 3.4.6)
      rack (>= 2.2.3)
      rack-protection
    omniauth-linkedin-oauth2 (1.0.0)
      omniauth-oauth2
    omniauth-oauth2 (1.8.0)
      oauth2 (>= 1.4, < 3)
      omniauth (~> 2.0)
    omniauth-rails_csrf_protection (1.0.1)
      actionpack (>= 4.2)
      omniauth (~> 2.0)