Closed hoffdog closed 1 year ago
What causes this error?
It reproduces if you store session in cookies. Chrome browser doesn't send cookies on POST request from the Apple's site, so a new session is created by default. A workaround is implemented in the link above: 1 Prevented the creation of a new session on a POST request 2 Redirected request to be sent to the same location with the same parameters. Since there is a GET request after the redirect, Chrome includes cookies in the request.
Where should I be implementing this solution? Bit stuck on this one..
Just monkeypatch class OmniAuth::Strategies::Apple with the method callback_phase from the link
I'd prefer it to be merged into this gem, but it's up to maintainers.
Just monkeypatch class OmniAuth::Strategies::Apple with the method callback_phase from the link
Thanks! that did the trick
set SameSite=none instead of redirect.
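Both workarounds discussed above, the POST-to-GET redirect and the SameSite=None cookie, in one added Ruby example. This is not code from the omniauth-apple gem or from anyone in this thread; it is a stand-alone Rack-style middleware that answers a cookie-less POST to the callback with a 303 to the same path and parameters, plus a Set-Cookie builder for the SameSite alternative and a constant-time nonce comparison. The callback path, the session cookie name, the Rack env keys used and the posted values are assumptions made for the example.

```ruby
require 'cgi'
require 'uri'
require 'digest'
require 'stringio'

# Rack-style middleware for the redirect workaround. Apple answers with a
# cross-site POST (response_mode=form_post); with SameSite=Lax cookies Chrome
# omits the session cookie on that POST, so the nonce saved in the session is
# not found and a fresh session would be created. A cookie-less POST to the
# callback is therefore answered with a 303 to the same path carrying the same
# parameters; the browser re-issues it as a top-level GET, on which Lax cookies
# are sent, and the original session (with its nonce) is available again.
# The callback path and cookie name are assumptions for this example.
class AppleCallbackPostToGet
  def initialize(app, callback_path: '/auth/apple/callback', session_cookie: '_app_session')
    @app = app
    @callback_path = callback_path
    @session_cookie = session_cookie
  end

  def call(env)
    return @app.call(env) unless env['REQUEST_METHOD'] == 'POST' && env['PATH_INFO'] == @callback_path
    return @app.call(env) if session_cookie_present?(env)

    # Carry every posted field (code, state, id_token, user) over unchanged.
    params   = URI.decode_www_form(env['rack.input'].read)
    location = "#{@callback_path}?#{URI.encode_www_form(params)}"
    # 303 See Other makes the browser repeat the request with GET.
    [303, { 'Location' => location, 'Content-Type' => 'text/plain' }, ['Completing sign in']]
  end

  private

  def session_cookie_present?(env)
    CGI::Cookie.parse(env['HTTP_COOKIE'].to_s).key?(@session_cookie)
  end
end

# The alternative raised in the thread: send the session cookie with
# SameSite=None so it also accompanies the cross-site POST. Browsers drop a
# SameSite=None cookie that lacks Secure, so Secure is always attached here.
def session_set_cookie(name, value, same_site:)
  attrs = ["#{name}=#{value}", 'Path=/', 'HttpOnly']
  case same_site
  when :lax  then attrs << 'SameSite=Lax'
  when :none then attrs << 'SameSite=None' << 'Secure'
  else raise ArgumentError, "unsupported SameSite value #{same_site.inspect}"
  end
  attrs.join('; ')
end

# Constant-time comparison of the nonce kept in the session with the nonce
# claim from Apple's id_token; a nil session nonce (dropped cookie) fails,
# which is the "nonce mismatch" situation this thread is about.
def nonce_matches?(session_nonce, token_nonce)
  return false if session_nonce.nil? || token_nonce.nil?
  a = Digest::SHA256.digest(session_nonce.to_s).bytes
  b = Digest::SHA256.digest(token_nonce.to_s).bytes
  a.zip(b).inject(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Constructed Rack env with only the keys the middleware reads.
def build_env(method:, path:, body: '', cookie: nil)
  env = { 'REQUEST_METHOD' => method, 'PATH_INFO' => path, 'rack.input' => StringIO.new(body) }
  env['HTTP_COOKIE'] = cookie if cookie
  env
end

# Stand-in for the OmniAuth callback app: reports which method reached it.
INNER_APP = ->(env) { [200, { 'Content-Type' => 'text/plain' }, ["handled #{env['REQUEST_METHOD']}"]] }

# Walk through the exchange: Apple's cookie-less POST, then the browser's GET
# (constructed values; the id_token is a placeholder, not a real JWT).
def demo
  app  = AppleCallbackPostToGet.new(INNER_APP)
  form = URI.encode_www_form('code' => 'c.0001', 'state' => 'st-42', 'id_token' => 'eyJ.constructed.tok')

  status, headers, _body = app.call(build_env(method: 'POST', path: '/auth/apple/callback', body: form))
  status2, _h, body2     = app.call(build_env(method: 'GET', path: '/auth/apple/callback',
                                              cookie: '_app_session=abc'))
  { redirect_status: status, location: headers['Location'],
    final_status: status2, final_body: body2.join }
end

p demo if __FILE__ == $PROGRAM_NAME
```

The redirect keeps Lax cookies, at the cost of putting `code` and `id_token` into a URL, where they can land in access logs and browser history; the SameSite=None route avoids that but sends the session cookie on every cross-site request, which is the trade-off the later comment about a separate encrypted nonce cookie is trying to sidestep.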
Thank you for all your work!
Instead of opening up the session to potential security risks, we may merge #107 and allow the nonce to be stored in its own encrypted cookie?
Any idea what might be causing this error? Everything seems to be "wired" correctly when I login into my web app. But I see this flash message.
Could not authenticate you from Apple because "Nonce mismatch".
One thing I noticed: if I change :lax to :none, the error goes away. However, it no longer works in Chrome. Not ideal.
config.action_dispatch.cookies_same_site_protection = :lax
Logs:
ERROR -- omniauth: (apple) Authentication failure! nonce_mismatch: OmniAuth::Strategies::OAuth2::CallbackError, nonce_mismatch | nonce mismatch