Spent some time researching why upgrading broke this login flow. With the CSRF mitigation in 2.0, the GET `/auth/twitter` endpoint no longer is supported.
Adding `OmniAuth.config.allowed_request_methods = [:get]` is a temp workaround for the upgrade but it's better to support the POST method. Could you add a simple example (for sinatra/rack) for this?
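```ruby
# Render a login form that starts the request phase with a POST and sends the session's CSRF token.
get '/' do
  <<~HTML
    <form method='post' action='/auth/twitter'>
      <input type="hidden" name="authenticity_token" value='#{request.env["rack.session"]["csrf"]}'>
      <button type='submit'>Login with Twitter</button>
    </form>
  HTML
end
```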
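A simplified model of the difference between the POST-only default and the `[:get]` workaround discussed above, added here as an illustration; it is not code from the comment or from OmniAuth. `RequestPhaseGate`, `decide` and `demo` are hypothetical names, and the session token is constructed sample data.

```ruby
require 'securerandom'

# Simplified, hypothetical model of a request-phase gate; not OmniAuth's code.
class RequestPhaseGate
  AUTH_PATH = '/auth/twitter'

  def initialize(allowed_methods: [:post])
    @allowed_methods = allowed_methods
  end

  # Returns :start_oauth, :rejected or :not_handled for one request.
  def decide(method:, path:, session:, params: {})
    return :not_handled unless path == AUTH_PATH && @allowed_methods.include?(method)
    # A GET carries no form token, so allowing GET skips the CSRF check entirely.
    return :start_oauth if method == :get

    token_ok?(session['csrf'], params['authenticity_token']) ? :start_oauth : :rejected
  end

  private

  # Constant-time comparison: do not reveal how many leading bytes matched.
  def token_ok?(expected, given)
    return false if expected.nil? || given.nil? || expected.bytesize != given.bytesize

    diff = 0
    expected.bytes.zip(given.bytes) { |a, b| diff |= a ^ b }
    diff.zero?
  end
end

# Constructed sample data: one user session and four requests against it.
def demo
  session = { 'csrf' => SecureRandom.base64(32) }
  strict = RequestPhaseGate.new                          # POST only
  legacy = RequestPhaseGate.new(allowed_methods: [:get]) # the temporary workaround
  req = { path: RequestPhaseGate::AUTH_PATH, session: session }
  {
    form_post: strict.decide(method: :post, params: { 'authenticity_token' => session['csrf'] }, **req),
    forged_post: strict.decide(method: :post, params: { 'authenticity_token' => 'guess' }, **req),
    cross_site_get_strict: strict.decide(method: :get, **req),
    cross_site_get_legacy: legacy.decide(method: :get, **req)
  }
end

puts demo.inspect if $PROGRAM_NAME == __FILE__
```

In this model the only request that starts the login flow without presenting the session token is the GET under the workaround setting, which is why the POST form is the better fix.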