Rails - Linkedin Auth: Not found. Authentication passthru

I have an application with LinkedIn authentication that used to work fine. Today I got complaints from users saying they see "Not found. Authentication passthru." when clicking on login with LinkedIn. It takes them to the page: http://XXXXX/users/auth/linkedin?locale=en

When I check the logs I get:

Started GET "/users/auth/linkedin?locale=en" for ::1 at 2021-07-12 18:04:13 +0800
Processing by OmniauthCallbacksController#passthru as HTML
  Parameters: {"locale"=>"en"}
  Rendering text template
  Rendered text template (0.0ms)
Completed 404 Not Found in 3ms (Views: 0.9ms | ActiveRecord: 0.3ms)

My controller looks like:

class OmniauthCallbacksController < Devise::OmniauthCallbacksController
  # Callback phase: LinkedIn redirects back here with the auth hash.
  def linkedin
    @user = User.connect_to_linkedin(request.env["omniauth.auth"], current_user)
    if @user.persisted?
      flash[:notice] = I18n.t "devise.omniauth_callbacks.success"
      sign_in_and_redirect @user, :event => :authentication
    else
      # Keep the auth data (minus the "extra" section) for the sign-up form.
      session["devise.linkedin_uid"] = request.env["omniauth.auth"].except("extra")
      redirect_to new_user_registration_url
      flash[:notice] = I18n.t "devise.omniauth_callbacks.failure"
    end
  end
end

I have the following in my model:

devise :database_authenticatable, :registerable, :recoverable, :rememberable, :trackable, :validatable, :confirmable, :omniauthable, :omniauth_providers => [:linkedin]

             user_linkedin_omniauth_authorize GET|POST /users/auth/linkedin(.:format)                                                omniauth_callbacks#passthru
              user_linkedin_omniauth_callback GET|POST /users/auth/linkedin/callback(.:format)                                       omniauth_callbacks#linkedin

When I add the POST method to the link_to, I get the following:

Started POST "/users/auth/linkedin?locale=en" for ::1 at 2021-07-12 21:56:18 +0800
D, [2021-07-12T21:56:18.416654 #65475] DEBUG -- omniauth: (linkedin) Request phase initiated.
W, [2021-07-12T21:56:18.417955 #65475]  WARN -- omniauth: Attack prevented by OmniAuth::AuthenticityTokenProtection
E, [2021-07-12T21:56:18.418089 #65475] ERROR -- omniauth: (linkedin) Authentication failure! authenticity_error: OmniAuth::AuthenticityError, Forbidden
Processing by OmniauthCallbacksController#failure as HTML

And other stuff

Do you see what could be the reason behind this sudden problem, please? I did a bundle update a few days ago and a lot of errors started showing up.

None of what I saw so far could help.



Solution 1:[1]

In application.rb, what's your config.load_defaults set to? I've been having issues myself if this is set to 6.1. 6.0 works fine. It's some issue related to cookie SameSite settings (needs to be lax for localhost, and none+secure for live on the web usually - I could be wrong).
And also yes, check you're doing a POST to your sign in endpoint with CSRF checking in place.
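
The two log excerpts in the question correspond to two separate gates on the request path: the HTTP method, then the CSRF token. The following is an added illustration, not part of the original answer and not OmniAuth's or Devise's code; `request_phase`, `ALLOWED_METHODS` and the raw (unmasked) token comparison are assumptions made to keep the model small.

```ruby
require "securerandom"

# Constructed stand-in for the request-phase gate; not OmniAuth's source.
REQUEST_PATH = "/users/auth/linkedin"
ALLOWED_METHODS = %w[POST].freeze # assumption: only POST may start the OAuth flow

# Constant-time comparison so the check does not leak token prefixes via timing.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Returns what happens to a request:
#   :not_handled -> some other path, the gate does not apply
#   :passthru    -> method not allowed, request falls through to the app
#                   ("Not found. Authentication passthru.", 404)
#   :forbidden   -> POST whose token does not match the session
#   :redirect    -> request phase runs, user is sent to the provider
def request_phase(method:, path:, session:, params:)
  return :not_handled unless path == REQUEST_PATH
  return :passthru unless ALLOWED_METHODS.include?(method)

  expected = session[:csrf_token].to_s
  given = params["authenticity_token"].to_s
  return :forbidden if expected.empty? || !secure_compare(expected, given)

  :redirect
end

# Constructed sample requests mirroring the question's two attempts plus the fix.
session = { csrf_token: SecureRandom.base64(32) }
samples = {
  "GET link (old link_to)" => { method: "GET", params: { "locale" => "en" } },
  "POST without token" => { method: "POST", params: { "locale" => "en" } },
  "POST with session token" =>
    { method: "POST", params: { "authenticity_token" => session[:csrf_token] } }
}
samples.each do |label, req|
  result = request_phase(path: REQUEST_PATH, session: session, **req)
  puts format("%-24s -> %s", label, result)
end
```

Rails masks its real authenticity tokens per request, so a production check has to unmask before comparing; the model above skips that step.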

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 Dom Barnes