nhosoya / omniauth-apple

OmniAuth strategy for Sign In with Apple
MIT License
260 stars, 99 forks

Nonce mismatch Error #76

Closed hoffdog closed 1 year ago

hoffdog commented 2 years ago

Any idea what might be causing this error? Everything seems to be "wired" correctly when I log in to my web app. But I see this flash message: Could not authenticate you from Apple because "Nonce mismatch".

One thing I noticed: if I change :lax to :none, the error goes away. However, it no longer works in Chrome. Not ideal.

config.action_dispatch.cookies_same_site_protection = :lax

Logs: ERROR -- omniauth: (apple) Authentication failure! nonce_mismatch: OmniAuth::Strategies::OAuth2::CallbackError, nonce_mismatch | nonce mismatch

Meat-Chopper commented 2 years ago

Try this https://github.com/discourse/discourse-apple-auth/blob/40ef076fa744d562ce54f3f30921a1b387e042fb/lib/omniauth_apple.rb#L60

hoffdog commented 2 years ago

What causes this error?

Meat-Chopper commented 2 years ago

It reproduces if you store the session in cookies. The Chrome browser doesn't send cookies on the POST request from Apple's site, so a new session is created by default. A workaround is implemented in the link above:

1. Prevented the creation of a new session on a POST request.
2. Redirected the request to be sent to the same location with the same parameters. Since there is a GET request after the redirect, Chrome includes cookies in the request.
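
As an added illustration of the mechanism described in this comment (a constructed example, not code from the gem or from the Discourse plugin linked above): the session is modelled as a Hash, with nil standing for a request on which Chrome withheld the session cookie, and the constructed key `id_token_nonce` stands in for the nonce claim of the verified id_token.

```ruby
require 'uri'
require 'securerandom'

# Constructed model of the redirect workaround; not the gem's or Discourse's code.
# `session` is a Hash, or nil when the browser withheld the session cookie.
module AppleCallback
  NONCE_KEY = 'omniauth.apple.nonce'
  PATH = '/auth/apple/callback'

  # Request phase: mint the nonce, keep it in the session, hand it to the Apple request.
  def self.issue_nonce(session)
    session[NONCE_KEY] = SecureRandom.hex(16)
  end

  # Callback phase. Returns [status, headers, body].
  # Under SameSite=Lax, Chrome omits the session cookie on Apple's cross-site POST, so
  # a fresh empty session would be created and the nonce check fails. Instead, answer
  # 303 so the browser repeats the callback as a top-level GET, which Lax does allow to
  # carry the cookie. Apple's response then travels in the URL, so keep it out of logs.
  def self.handle(method:, params:, session:)
    if method == 'POST' && session.nil?
      return [303, { 'Location' => "#{PATH}?#{URI.encode_www_form(params)}" }, '']
    end
    expected = session && session.delete(NONCE_KEY) # single use: consume the stored nonce
    # 'id_token_nonce' stands in for the nonce claim of the verified id_token (decoding omitted).
    return [401, {}, 'nonce_mismatch'] if expected.nil? || params['id_token_nonce'] != expected
    [200, {}, 'authenticated']
  end
end

# Drives one login through a browser that behaves like Chrome under SameSite=Lax:
# the cookie jar is attached to GET navigations but not to the cross-site POST.
# Returns the list of response statuses seen, e.g. [303, 200].
def simulate_lax_chrome
  cookie_jar = {} # the user's session cookie contents
  nonce = AppleCallback.issue_nonce(cookie_jar)
  apple_post = { 'code' => 'authcode-xyz', 'id_token_nonce' => nonce, 'state' => 'st' }

  statuses = []
  status, headers, _body = AppleCallback.handle(method: 'POST', params: apple_post, session: nil)
  statuses << status
  if status == 303
    params = URI.decode_www_form(URI(headers['Location']).query).to_h
    status, _headers, _body = AppleCallback.handle(method: 'GET', params: params, session: cookie_jar)
    statuses << status
  end
  statuses
end
```

Without the redirect, the same POST handled against a newly created empty session returns nonce_mismatch, which is the failure in the logs above.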

vasaf commented 2 years ago

Try this https://github.com/discourse/discourse-apple-auth/blob/40ef076fa744d562ce54f3f30921a1b387e042fb/lib/omniauth_apple.rb#L60

Where should I be implementing this solution? Bit stuck on this one..

Meat-Chopper commented 2 years ago

Just monkeypatch class OmniAuth::Strategies::Apple with the method callback_phase from the link

Meat-Chopper commented 2 years ago

I'd prefer it to be merged into this gem, but it's up to maintainers.

vasaf commented 2 years ago

Just monkeypatch class OmniAuth::Strategies::Apple with the method callback_phase from the link

Thanks! that did the trick

nov commented 1 year ago

set SameSite=none instead of redirect.

hoffdog commented 1 year ago

Thank you for all your work!

salzig commented 1 year ago

Instead of opening up the session to potential security risks, we may merge #107 and allow the nonce to be stored in its own encrypted cookie?