When upgrading to OmniAuth 2.0 in your Ruby on Rails application, you might encounter a new error in your browser saying:
Not found. Authentication passthru.
In your Rails application log, you will see the following error:
DEBUG -- omniauth: (google_oauth2) Request phase initiated.
WARN -- omniauth: Attack prevented by OmniAuth::AuthenticityTokenProtection
ERROR -- omniauth: (google_oauth2) Authentication failure! authenticity_error: OmniAuth::AuthenticityError, Forbidden
To resolve this issue, install the omniauth-rails_csrf_protection gem:
gem 'omniauth-rails_csrf_protection'
Then make sure to use the HTTP POST method when initiating authentication. If you are using a link, you can set its HTTP method to POST like this:
link_to "Login with #{provider}", omniauth_authorize_path(resource_name, provider), method: :post
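Why the POST and the token matter, as an added example that is not code from the original post or from OmniAuth: a simplified, stand-alone model of the gate in front of the request phase. The helper names, the `:csrf_token` session key and the outcome symbols are assumptions made for illustration.

```ruby
require "securerandom"
require "openssl"

# Simplified model (an assumption, not OmniAuth's code): only allowed HTTP
# methods may start authentication, and the request must carry the CSRF token
# that was stored in the visitor's own session.
ALLOWED_REQUEST_METHODS = %w[POST].freeze

# Hypothetical helper: issue a per-session token, as a server-rendered form would.
def issue_csrf_token(session)
  session[:csrf_token] ||= SecureRandom.base64(32)
end

# Constant-time comparison, so timing does not reveal how many bytes matched.
def tokens_match?(expected, submitted)
  return false if expected.nil? || submitted.nil?
  return false unless expected.bytesize == submitted.bytesize

  OpenSSL.fixed_length_secure_compare(expected, submitted)
end

# Returns :passthru (request phase never starts for this HTTP method),
# :authenticity_error (token missing or wrong) or :redirect_to_provider.
def request_phase_outcome(http_method, session, params)
  return :passthru unless ALLOWED_REQUEST_METHODS.include?(http_method.upcase)
  return :authenticity_error unless tokens_match?(session[:csrf_token], params["authenticity_token"])

  :redirect_to_provider
end

if __FILE__ == $PROGRAM_NAME
  session = {}                       # constructed sample session
  token = issue_csrf_token(session)
  samples = {                        # constructed sample requests
    "plain GET link"            => ["GET",  {}],
    "POST without a token"      => ["POST", {}],
    "POST with a foreign token" => ["POST", { "authenticity_token" => "forged" }],
    "POST from our own form"    => ["POST", { "authenticity_token" => token }]
  }
  samples.each do |label, (verb, params)|
    puts format("%-26s -> %s", label, request_phase_outcome(verb, session, params))
  end
end
```

Only the last sample reaches the provider redirect: a page on another origin can make the browser send a request, but it cannot read the token bound to the visitor's session.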