nhosoya / omniauth-apple

OmniAuth strategy for Sign In with Apple
MIT License
260 stars 99 forks

Please, add to Readme some important settings. #112

Open isaichenko opened 7 months ago

isaichenko commented 7 months ago

For Rails 7.1.3

In config/application.rb:

```ruby
config.action_dispatch.cookies_same_site_protection = lambda { |request| request.path == '/users/auth/apple' ? :none : :lax }
```

In controllers/application_controller.rb:

```ruby
def verified_request?
  controller_name == 'omniauth_callbacks' || super
end
```

In config/environments/production.rb:

```ruby
config.assume_ssl = true
config.force_ssl = true
```

Without these settings the gem did not work for me. Hope this helps others.

kschutt commented 4 months ago

  1. Are the first 2 config changes specifically geared towards disabling CSRF protection on the Apple OAuth flow?
  2. Why is the last config change needed for production?

34code commented 3 weeks ago

Despite doing all the above, I'm getting this error in production:

```
ERROR -- omniauth: (apple) Authentication failure! csrf_detected: OmniAuth::Strategies::OAuth2::CallbackError, csrf_detected | CSRF detected
```

34code commented 3 weeks ago

I had previously made it work with slightly different code in config/application.rb, so my code doesn't have the /users/... part before, as my callback URL is configured differently.

```ruby
config.action_dispatch.cookies_same_site_protection = lambda { |request|
  if request.path.starts_with?("/auth/apple")
    :none
  elsif request.path == '/users/auth/apple'
    :none
  else
    :lax
  end
}
```
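
Added example, not part of any comment above and not code from omniauth-apple: a simplified Ruby model of why the callback reports `csrf_detected` unless the session cookie that holds the OAuth2 state is issued with SameSite=None and Secure. It assumes Apple returns to the callback with a cross-site POST (`form_post`); `simulate`, `same_site_for`, `sent_on_cross_site_post?` and `APPLE_PREFIXES` are hypothetical names, and the `https:` flag stands in for the cookie receiving the Secure attribute.

```ruby
# Simplified model, constructed for illustration: which cookies a browser
# attaches to the cross-site POST that returns to the callback, and what the
# OAuth2 state comparison then sees.
require 'securerandom'

Cookie = Struct.new(:name, :value, :same_site, :secure, keyword_init: true)

# Browser rule, simplified: a cross-site POST carries only SameSite=None
# cookies, and browsers accept SameSite=None only together with Secure.
def sent_on_cross_site_post?(cookie)
  cookie.same_site == :none && cookie.secure
end

# Per-path policy in the shape of the lambdas posted in this thread.
# APPLE_PREFIXES is a hypothetical name; the two paths are the ones from the
# thread. Matching stops at a "/" boundary, so "/auth/applesauce" stays :lax.
APPLE_PREFIXES = ['/auth/apple', '/users/auth/apple'].freeze

def same_site_for(path)
  apple = APPLE_PREFIXES.any? { |p| path == p || path.start_with?("#{p}/") }
  apple ? :none : :lax
end

# Request phase: the state is stored in the session cookie, issued with the
# policy for the request path. Callback phase: the returned state is compared
# with whatever session state the browser sent along with the POST.
def simulate(request_path:, https:)
  state = SecureRandom.hex(16)
  session = Cookie.new(name: '_session', value: state,
                       same_site: same_site_for(request_path), secure: https)
  session_state = sent_on_cross_site_post?(session) ? session.value : nil
  session_state == state ? :ok : :csrf_detected
end
```

In this model the state check passes only when the request path matches the policy and the cookie is Secure; a missing session cookie on the callback produces the same `csrf_detected` result as a forged state.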