Is omniauth-rails_csrf_protection still required for OmniAuth 2.0? #1046

nathan-gusto · 2021-05-07T22:38:45Z

nathan-gusto
May 7, 2021

Hi there!

I read through the upgrade guide to 2.0 and would appreciate some clarification on whether omniauth-rails_csrf_protection is still required after upgrading omniauth.

The update section noted that if we're already using omniauth-rails_csrf_protection then we'd be able to upgrade to 2.0. What happens if we're not using it? Do we need to add the gem or the custom implementation for omniauth 2.0 to work properly?

Thanks!

Answered by BobbyMcWho

Jun 4, 2021

Hi Nathan!

The gem you linked is indeed the easiest way to set the authenticity token callback to match Rails. Whether you use that gem or implement your own, you will have to do something as omniauth tries to not include rails specific code in the gem.

View full answer

BobbyMcWho · 2021-06-04T23:33:03Z

BobbyMcWho
Jun 4, 2021
Maintainer

Hi Nathan!

The gem you linked is indeed the easiest way to set the authenticity token callback to match Rails. Whether you use that gem or implement your own, you will have to do something as omniauth tries to not include rails specific code in the gem.

1 reply

nathan-gusto Jun 4, 2021
Author

Thanks so much @BobbyMcWho for the reply and all of your work for maintaining this gem!

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Is omniauth-rails_csrf_protection still required for OmniAuth 2.0? #1046

{{title}}

Replies: 1 comment 1 reply

{{title}}

{{title}}

Select a reply

Is omniauth-rails_csrf_protection still required for OmniAuth 2.0? #1046

nathan-gusto May 7, 2021

Replies: 1 comment · 1 reply

BobbyMcWho Jun 4, 2021 Maintainer

nathan-gusto Jun 4, 2021 Author

nathan-gusto
May 7, 2021

Replies: 1 comment 1 reply

BobbyMcWho
Jun 4, 2021
Maintainer

nathan-gusto Jun 4, 2021
Author