tmilewski
commented
10 years ago This is extremely old and based off of the < 1.0 version of OmniAuth. As it stands now, variables you pass through OmniAuth will persist in sessions for you to retrieve during the callback phase.
Also, DO NOT ignore or overwrite the state param as that is used to ensure CSRF protection.
Hello antonr and everyone, I had the same issue and tried antonr's fix. I did not manage to make it work. However, I have my own solution to propose. I am not at all an omniauth expert so this may be a bit hacky.
https://github.com/tiredenzo/omniauth-instagram/commit/21af1868f77fb74b166763c557c75c7f666b2600