Omniauth 设计认证失败! csrf_detected:

【问题标题】:Omniauth devise Authentication failure! csrf_detected:Omniauth 设计认证失败! csrf_detected:
【发布时间】:2015-06-27 02:46:38
【问题描述】:

我得到了Authentication failure! csrf_detected:,所以我无法使用omniauth 登录。

我关注了这个tutorial

我发现了类似的问题here

但是到目前为止我的问题没有运气。

有修复错误的想法吗?谢谢

E, [2015-06-27T10:40:06.028200 #18798] ERROR -- omniauth: (facebook) Authentication failure! csrf_detected: OmniAuth::Strategies::OAuth2::CallbackError, csrf_detected | CSRF detected

宝石

  * devise (3.5.0)
  * omniauth (1.2.2)
  * omniauth-facebook (2.0.0)
  * omniauth-oauth2 (1.3.1)

/app/controllers/application_controller.rb

   protect_from_forgery with: :exception
-
+  before_action :authenticate_user!

/app/models/user.rb

   devise :database_authenticatable, :registerable,
+         :omniauthable, :omniauth_providers => [:facebook]
+  def self.from_omniauth(auth)
+    where(provider: auth.provider, uid: auth.uid).first_or_create do |user|
+      binding.pry
+      user.provider = auth.provider
+      user.uid = auth.uid
+      user.email = auth.info.email
+      user.password = Devise.friendly_token[0,20]
+    end
+  end
+

/config/initializers/omniauth.rb

+Rails.application.config.middleware.use OmniAuth::Builder do
+  provider :facebook, ENV['FACEBOOK_KEY'], ENV['FACEBOOK_SECRET'],
+   :scope => 'email'
+end

来自控制台的错误日志(如何追踪?)

Started GET "/users/auth/facebook/callback?code=AQDZC-Ny2PI-UwunCNi29mx4YGKT&state=cf896d3decffe2a7a664315e050a1165a290477542ff7d33" for 127.0.0.1 at 2015-06-27 10:40:05 +0800
I, [2015-06-27T10:40:05.255832 #18798]  INFO -- omniauth: (facebook) Callback phase initiated.
I, [2015-06-27T10:40:06.028051 #18798]  INFO -- omniauth: (facebook) Callback phase initiated.
E, [2015-06-27T10:40:06.028200 #18798] ERROR -- omniauth: (facebook) Authentication failure! csrf_detected: OmniAuth::Strategies::OAuth2::CallbackError, csrf_detected | CSRF detected
Processing by CallbacksController#failure as HTML
  Parameters: {"code"=>"AQDZC-Ny2PI-UwunCNi29mx4YGKTuHDeP2X2X-leywO14gr_iHLvXxX1LpV5WteUrQHpX-uc0Z01wcjy4XHA9CBkZeSo4qRb7jXdvPLfQl6mgwbMrFuQb1_55KughvtMWMlZ_7YEhtiLoEZH_2EvGXLbuKkUq", "state"=>"cf896d3decffe2a7a663"}

路线

+  devise_for :users, :controllers => { :omniauth_callbacks => "callbacks" }

【问题讨论】:

  • 你能解决你的问题吗?

标签: ruby-on-rails-4 devise omniauth


【解决方案1】:

您似乎也在Omniauth Facebook Github 回购中询问了this question。那里似乎也没有一个可靠的答案。

@dmcbrayer 确实建议将您的初始化程序更改为:

Rails.application.config.middleware.use OmniAuth::Builder do
  provider :facebook, ENV['FACEBOOK_KEY'], ENV['FACEBOOK_SECRET'],
   :scope => 'email',
   :info_fields => 'email'
end

这是由于 facebook 方面的 API 更改要求您明确要求info_fields

维护者@mkdynamic 还希望您验证它是否已在较新的版本(当时为 3.0.0)中得到修复。

【讨论】:

    猜你喜欢
    • 1970-01-01
    • 1970-01-01
    • 1970-01-01
    • 1970-01-01
    • 1970-01-01
    • 1970-01-01
    • 1970-01-01
    • 2011-04-27
    • 1970-01-01
    相关资源
    最近更新 更多
    热门标签
    Java Python linux javascript Mysql C# Docker 算法 前端 SpringBoot Redis Vue spring 设计模式 .net core .net kubernetes c++ 数据库 数据结构 大数据 js 机器学习 微服务 Android Go 程序员 面试 JVM ASP.net core 云原生 人工智能 后端 PHP git CSS golang k8s Nginx Django mybatis 深度学习 多线程 React 架构 devops 爬虫 云计算 Spring Boot LeetCode