omniauth-apple

Please, add to Readme some important settings.

Open isaichenko opened this issue 1 year ago • 3 comments

For rails 7.1.3

In config/application.rb:

    config.action_dispatch.cookies_same_site_protection = lambda { |request| request.path == '/users/auth/apple' ? :none : :lax }

In controllers/application_controller.rb:

    def verified_request?
      controller_name == 'omniauth_callbacks' || super
    end

In config/environments/production.rb:

    config.assume_ssl = true
    config.force_ssl = true

Without these settings the gem did not work for me. Hope this helps others.

isaichenko, Feb 02 '24 13:02

  1. Are the first 2 config changes specifically geared towards disabling CSRF protection on the Apple OAuth flow?
  2. Why is the last config change needed for production?

kschutt, Apr 24 '24 12:04

Despite doing all the above, I'm getting this error in production: ERROR -- omniauth: (apple) Authentication failure! csrf_detected: OmniAuth::Strategies::OAuth2::CallbackError, csrf_detected | CSRF detected

34code, Aug 11 '24 10:08

I had previously made it work with slightly different code in config/application.rb, so my code doesn't have the /users/... part before, as my callback URL is configured differently.

    config.action_dispatch.cookies_same_site_protection = lambda { |request|
      if request.path.starts_with?("/auth/apple")
        :none
      elsif request.path == '/users/auth/apple'
        :none
      else
        :lax
      end
    }

34code, Aug 11 '24 10:08
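
Added example, not part of any comment in this thread and not omniauth-apple or Rails code: a plain-Ruby model of why the callback ends in `csrf_detected` under the default Lax session cookie, and what the SameSite and SSL settings posted above change. It assumes Apple returns to the callback with a cross-site POST and that the strategy keeps the OAuth `state` in the session cookie; the struct names, function names and state value are constructed for illustration.

```ruby
# Minimal model of the browser's SameSite rules applied to the session cookie
# that carries the OAuth `state`. Not Rails or OmniAuth code.
Cookie  = Struct.new(:value, :same_site, :secure)
Request = Struct.new(:path)

# Policy lambdas in the shape cookies_same_site_protection accepts.
DEFAULT_POLICY = ->(_request) { :lax }
THREAD_POLICY  = ->(request) { request.path == '/users/auth/apple' ? :none : :lax }

# Browser side: a SameSite=None cookie is stored only if it is also Secure.
def browser_store(cookie)
  return nil if cookie.same_site == :none && !cookie.secure
  cookie
end

# Browser side: on a cross-site POST only SameSite=None cookies are attached.
def sent_on_cross_site_post?(cookie)
  !cookie.nil? && cookie.same_site == :none
end

# The request phase writes the state cookie; the callback phase compares the
# state found in the session with the state echoed back in the POST body.
# secure_cookies stands in for the Secure flag that config.force_ssl adds.
def apple_flow(policy, secure_cookies:, request_path: '/users/auth/apple')
  state  = 'constructed-state-123' # constructed sample value
  cookie = Cookie.new(state, policy.call(Request.new(request_path)), secure_cookies)
  stored = browser_store(cookie)
  session_state = sent_on_cross_site_post?(stored) ? stored.value : nil
  session_state == state ? :ok : :csrf_detected
end

if __FILE__ == $PROGRAM_NAME
  puts apple_flow(DEFAULT_POLICY, secure_cookies: true)  # Lax cookie is not sent
  puts apple_flow(THREAD_POLICY,  secure_cookies: false) # None without Secure is dropped
  puts apple_flow(THREAD_POLICY,  secure_cookies: true)  # state survives the round trip
  # A differently mounted request path does not match the exact-path policy.
  puts apple_flow(THREAD_POLICY,  secure_cookies: true, request_path: '/auth/apple')
end
```

The last case shows why the path in the lambda has to match the route where the request phase is actually mounted.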