1
votes

I'm using Devise + Omniauth (actually omniauth-foursquare, the foursquare OAuth2 strategy) in my Rails app. Upon signing in, I keep being redirected to my app (/users/sign_in#=) with the following error:

Could not authenticate you from Foursquare because "Csrf detected"

Any insights?

This is what I see last in the console:

  • I, [2014-10-19T19:43:38.947771 #2] INFO -- omniauth: (foursquare) Request phase initiated.
  • Started GET "/users/auth/foursquare" for 142.255.113... at 2014-10-19 19:43:38 +0000
  • Parameters: {"code"=>"2MZGM413...", "state"=>"1ba1cec3beb4..."}
  • Processing by Devise::SessionsController#new as HTML
  • Started GET "/users/auth/foursquare/callback?code=2MZGM413...&state=1ba1cec3beb4..." for 142.255.113... at 2014-10
  • I, [2014-10-19T19:43:39.378477 #2] INFO -- omniauth: (foursquare) Callback phase initiated.
  • E, [2014-10-19T19:43:39.378660 #2] ERROR -- omniauth: (foursquare) Authentication failure! csrf_detected: OmniAuth::Strategies::OAuth2::CallbackError, csrf_detected | CSRF detected

As far as I can tell, my troubles started when I received a "cookie overflow" error and switched to session_storing: (session_store.rb)

Rails.application.config.session_store :active_record_store, key: '_APPNAME_session', domain: 'DOMAIN.com'

Thanks!

1 Answers

0
votes

If you inspect the source for your app, you'll see that the generated HTML includes the CSRF meta tags in the HEAD element (i.e. csrf-token and csrf-param). Most likely, one of your layouts/views is calling the csrf_meta_tags method. Try removing it to see if it works, and then consider creating a separate layout without it for forms that won't need it. Other people with more experience on frontend Rails could chime in here with best practices.
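
For reference, an added example that is not part of the question or the answer: a simplified Ruby model of the OAuth2 `state` check behind the `csrf_detected` failure in the log above. The value stored in the session during the request phase must match the `state` the provider echoes back to the callback, so a callback that arrives with a different or empty session fails the check. The method names are hypothetical and the sample values are constructed; `omniauth.state` is the session key omniauth-oauth2 uses.

```ruby
require "securerandom"

STATE_KEY = "omniauth.state" # session key used by omniauth-oauth2

# Request phase: mint a random state, store it in the session, and
# return it so it can be sent to the provider in the authorize URL.
def request_phase(session)
  session[STATE_KEY] = SecureRandom.hex(24)
end

# Constant-time comparison, so the check does not leak how many bytes matched.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Callback phase: the state echoed by the provider must equal the stored one.
# The stored value is deleted on read, so each state is single-use.
def callback_phase(session, params)
  expected = session.delete(STATE_KEY).to_s
  returned = params["state"].to_s
  return :csrf_detected if returned.empty? || !secure_compare(returned, expected)
  :ok
end

# Constructed scenario 1: the same session is seen by both phases.
def same_session
  session = {}
  state = request_phase(session)
  callback_phase(session, "code" => "constructed-code", "state" => state)
end

# Constructed scenario 2: the callback arrives with a fresh, empty session
# (for example, the session cookie was not sent back to the app).
def session_lost
  state = request_phase({})
  callback_phase({}, "code" => "constructed-code", "state" => state)
end

# Constructed scenario 3: the state parameter does not match the stored one.
def mismatched_state
  session = {}
  request_phase(session)
  callback_phase(session, "code" => "constructed-code", "state" => "not-the-stored-state")
end

puts same_session, session_lost, mismatched_state
```
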