arunagw / omniauth-twitter

OmniAuth strategy for Twitter
http://arunagw.github.io/omniauth-twitter/

Example to avoid 404 after OmniAuth 2.0 upgrade #142

Open osowskit opened 3 years ago

osowskit commented 3 years ago

Spent some time researching why upgrading broke this login flow. With the CSRF mitigation in 2.0, the GET /auth/twitter endpoint no longer is supported.

Adding OmniAuth.config.allowed_request_methods = [:get] is a temp workaround for the upgrade but it's better to support the POST method. Could you add a simple example (for sinatra/rack) for this?

reference

```ruby
get '/' do
  <<~HTML
    <form method='post' action='/auth/twitter'>
      <input type="hidden" name="authenticity_token" value='#{request.env["rack.session"]["csrf"]}'>
      <button type='submit'>Login with Twitter</button>
    </form>
  HTML
end
```

angezanetti commented 3 years ago

I had the same issue, I installed this gem omniauth-rails_csrf_protection to update the link to POST ones.

Not super clean, but works
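
The flow discussed in this thread, as an added example that is not code from omniauth or omniauth-twitter: a standard-library-only, Rack-style stand-in for the request-phase gate, showing why `GET /auth/twitter` ends in a 404 under the POST-only default and why the form post with `authenticity_token` is accepted. `demo_app`, `request`, the 403 response and the `provider.example` URL are assumptions made for this sketch.

```ruby
require 'securerandom'
require 'stringio'
require 'uri'

# Stand-in for the OmniAuth 2.0 request-phase gate. Constructed model, not OmniAuth's code.
ALLOWED_REQUEST_METHODS = [:post].freeze # the 2.0 default; [:get] is the workaround

# Constant-time comparison so the check does not leak how many bytes matched.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

NOT_FOUND = [404, { 'content-type' => 'text/plain' }, ['Not Found']].freeze

# Rack-style app: env hash in, [status, headers, body] out.
def demo_app(env)
  session = env['rack.session']
  session['csrf'] ||= SecureRandom.hex(32) # per-session token, as read by the form above
  case env['PATH_INFO']
  when '/'
    form = <<~HTML
      <form method='post' action='/auth/twitter'>
        <input type="hidden" name="authenticity_token" value='#{session['csrf']}'>
        <button type='submit'>Login with Twitter</button>
      </form>
    HTML
    [200, { 'content-type' => 'text/html' }, [form]]
  when '/auth/twitter'
    verb = env['REQUEST_METHOD'].downcase.to_sym
    # A verb outside the allow-list is not treated as a request phase at all.
    return NOT_FOUND unless ALLOWED_REQUEST_METHODS.include?(verb)
    params = URI.decode_www_form(env['rack.input'].read).to_h
    unless secure_compare(params['authenticity_token'].to_s, session['csrf'])
      return [403, { 'content-type' => 'text/plain' }, ['Forbidden']]
    end
    # Placeholder for the redirect to the provider's authorization page.
    [302, { 'location' => 'https://provider.example/authorize' }, []]
  else
    NOT_FOUND
  end
end

# Builds a minimal env (constructed; a real Rack env has more keys) and calls the app.
def request(verb, path, session, form = {})
  demo_app({ 'REQUEST_METHOD' => verb, 'PATH_INFO' => path, 'rack.session' => session,
             'rack.input' => StringIO.new(URI.encode_www_form(form)) })
end
```

A token copied from one session is rejected when posted under another, which is the property that stops a third-party page from starting the login on a visitor's behalf.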