janko / rodauth-rails

Rails integration for Rodauth authentication framework
https://github.com/jeremyevans/rodauth
MIT License

CSRF Validation Token Error With Omniauth (Rails API Only) #131

Closed mdodell closed 2 years ago

mdodell commented 2 years ago

I am currently testing rodauth to see if it could be a good use for some of my Rails API only apps.

I made a basic demo following the Omniauth tutorial but in API only mode.

When I try to make a POST request to the endpoint http://localhost:3000/auth/facebook via a separate React app, I get a CSRF error:

<ActionController::InvalidAuthenticityToken: ActionController::InvalidAuthenticityToken>

You can see this reproduced on Postman here.

I'm relatively new to figuring out auth in an API Only environment, so my apologies if this is a poor issue.

I'd be happy to reopen this as a discussion if it is a non-issue/something in my misunderstanding of omniauth.

mdodell commented 2 years ago

I was able to solve this - my issue was that I wasn't calling it from Facebook's authorizing grant with Rodauth as a redirect_uri, but rather directly from Postman. This was my mistake!
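The error above is Rails' authenticity-token check rejecting a POST to the OmniAuth request phase that did not originate from a page holding the app's session. The model below, added here as an editor's illustration and not code from rodauth-rails, Rodauth or OmniAuth, reduces that check to plain Ruby (stdlib only): a token is minted into the session when the sign-in page is rendered, `POST /auth/facebook` is accepted only when the submitted `authenticity_token` matches the session's token in constant time, and the callback is bound to the same session through an OAuth `state` value. The `CsrfGuard` class, the `provider.example` authorize URL and the `/auth/facebook/callback` redirect URI are constructed for the example. A direct POST from Postman, with no session cookie and no token, is the first rejected case.

```ruby
require "securerandom"

# Raised when the request phase is hit without a valid authenticity token
# (the role ActionController::InvalidAuthenticityToken plays in Rails).
class InvalidAuthenticityToken < StandardError; end

# Raised when the provider callback carries a state the session never issued.
class InvalidOAuthState < StandardError; end

# Constructed model of CSRF protection around an OmniAuth-style request phase.
# Not rodauth-rails code; it only shows why a bare POST is rejected.
class CsrfGuard
  TOKEN_BYTES = 32
  AUTHORIZE_URL = "https://provider.example/oauth/authorize" # assumed provider
  REDIRECT_URI  = "http://localhost:3000/auth/facebook/callback" # assumed

  def initialize
    @sessions = {} # session_id => { csrf_token:, oauth_state: }
  end

  # Called when the app renders its sign-in page: create a session and mint
  # the per-session token that the page embeds in the POST form.
  def new_session
    sid = SecureRandom.hex(16)
    @sessions[sid] = { csrf_token: SecureRandom.base64(TOKEN_BYTES) }
    sid
  end

  # The token the rendered page would carry; a client on another origin
  # that never loaded that page has no way to obtain it.
  def token_for(session_id)
    @sessions.fetch(session_id)[:csrf_token]
  end

  # Request phase (POST /auth/facebook). Returns the provider redirect URL
  # on success; raises when the session or token is missing or wrong.
  def request_phase(session_id:, params:)
    session = @sessions[session_id]
    raise InvalidAuthenticityToken, "no session for request" unless session

    submitted = params["authenticity_token"].to_s
    unless secure_compare(submitted, session[:csrf_token])
      raise InvalidAuthenticityToken, "authenticity token mismatch"
    end

    # Bind the upcoming callback to this session via an unguessable state.
    state = SecureRandom.hex(16)
    session[:oauth_state] = state
    "#{AUTHORIZE_URL}?redirect_uri=#{url_encode(REDIRECT_URI)}&state=#{state}"
  end

  # Callback phase (GET /auth/facebook/callback?code=...&state=...).
  # Returns the authorization code only if the state matches the session's.
  def callback_phase(session_id:, params:)
    session = @sessions[session_id]
    expected = session && session[:oauth_state]
    raise InvalidOAuthState, "no pending authorization" unless expected
    unless secure_compare(params["state"].to_s, expected)
      raise InvalidOAuthState, "state mismatch"
    end
    session.delete(:oauth_state) # single use
    params.fetch("code")
  end

  private

  # Constant-time comparison so a token cannot be guessed byte by byte.
  def secure_compare(a, b)
    return false unless a.bytesize == b.bytesize
    diff = 0
    a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
    diff.zero?
  end

  def url_encode(str)
    str.gsub(/[^a-zA-Z0-9_.\-~]/) { |c| format("%%%02X", c.ord) }
  end
end

if __FILE__ == $0
  guard = CsrfGuard.new
  begin
    guard.request_phase(session_id: nil, params: {}) # bare POST, as from Postman
  rescue InvalidAuthenticityToken => e
    puts "rejected: #{e.message}"
  end
  sid = guard.new_session
  puts guard.request_phase(session_id: sid, params: { "authenticity_token" => guard.token_for(sid) })
end
```

The practical consequence for a separate React front end is that the browser must begin the flow from something that issues the session token (or the app must be configured to accept API clients on the request phase); a POST composed by hand in Postman never carries that token and is rejected before any redirect to the provider happens.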