Closed jlxq0 closed 1 year ago
Since Apple's AuthZ response is POST, you need SameSite=none cookie on some browsers.
Do you have an example app (or code) or a hint on how to implement this for some browsers?
I think I am one step closer – however I'm not being logged in. Does the callback controller for apple look different from the other providers due to the POST instead of GET? Do you have an example?
Nvm my last comment. My problem was that the user(-email) already existed from another provider and thus the sign up failed (relatively silently). Now it is working.
https://bogdanvlviv.com/posts/ruby/rails/samesite-cookies-and-rails.html
@nov, do you happen to have another example? That site is gone and there is no Google cache or Wayback snapshot to view it.
To avoid this I added the following code to the Omniauth callbacks controller:
```ruby
def verified_request?
  action_name == 'apple' || super
end
```
Thanks @dcrec1! But for me I needed the following code, and in ApplicationController.rb
```ruby
# ApplicationController.rb
def verified_request?
  controller_name == "omniauth_callbacks" || super
end
```
(I'm not sure if this is a duplicate with #76 or a new issue. Even if it is, I cannot make it work with any of the hints in that issue.)
I can successfully authenticate with apple, but then the callback fails with the following error:
I'm on ruby 3.1.2p20 and Rails 7.0.4; using devise, omniauth and omniauth-google-oauth2 successfully.
My callback controller for apple looks like this:
Is there a working minimal example app I could check out?
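The SameSite point raised in this thread for Apple's POST callback, as an added example that is not code from any participant or from the gem: a small model of when a browser attaches the session cookie to Apple's cross-site form POST, and what that does to the state check. It assumes the OAuth state value is kept in the cookie-backed session; the cookie name, state value and helper names are constructed for illustration.

```ruby
# Added example: a constructed model of browser SameSite handling,
# not Rails, OmniAuth or browser code.
Cookie = Struct.new(:name, :same_site, :secure, keyword_init: true)

SAFE_METHODS = %w[GET HEAD OPTIONS TRACE].freeze

# True when a browser following the SameSite rules attaches the cookie.
def cookie_sent?(cookie, cross_site:, http_method:, https: true)
  return false if cookie.secure && !https # Secure cookies never travel over plain HTTP
  return true unless cross_site           # same-site requests always carry the cookie
  case cookie.same_site
  when :none then cookie.secure           # SameSite=None is rejected without Secure
  when :lax  then SAFE_METHODS.include?(http_method) # top-level navigation assumed
  else false                              # :strict never goes cross-site
  end
end

# Length check first, then a comparison with no early exit on the first differing byte.
def same_state?(a, b)
  return false if a.nil? || b.nil? || a.bytesize != b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Outcome of Apple's cross-site form POST to the callback URL.
# Assumption: the state saved at the request phase lives in the session cookie.
def apple_callback_outcome(session_cookie, stored_state:, posted_state:)
  sent = cookie_sent?(session_cookie, cross_site: true, http_method: "POST")
  return :session_missing unless sent     # no session, so nothing to compare against
  same_state?(stored_state, posted_state) ? :ok : :state_mismatch
end

# Constructed sample values.
LAX_SESSION  = Cookie.new(name: "_app_session", same_site: :lax,  secure: true)
NONE_SESSION = Cookie.new(name: "_app_session", same_site: :none, secure: true)
STATE = "3f9c1e0a7b2d4c58"

if __FILE__ == $PROGRAM_NAME
  p apple_callback_outcome(LAX_SESSION,  stored_state: STATE, posted_state: STATE)
  p apple_callback_outcome(NONE_SESSION, stored_state: STATE, posted_state: STATE)
end
```

In a Rails app the matching setting is the `same_site: :none, secure: true` option on the session store. With Rails' authenticity-token check bypassed for the callback via `verified_request?`, the state comparison is the remaining cross-site request check on that action, so the narrower `action_name == 'apple'` condition limits what goes unverified.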