Users are signed out before callback

[theodorton]

In the case where I have already authenticated my user, and I'm trying to connect their Google Apps-account. The existing user seems to be signed out before my callback in OmniauthCallbacksController.

I've verified this. It does not happen with the omniauth-facebook gem.

I've tried to go through the code of the gem to identify where this happens, but no success so far.

Any ideas?

[sishen]

Do you have multiple google accounts signed in?

[theodorton]

No. I'm signing in with Facebook. Then I attempt to connect with google apps, and current_user is cleared.

Thanks for prompt reply! 👍

[theodorton]

I figured it out. For some strange reason I had to add:

class Users::OmniauthCallbacksController < Devise::OmniauthCallbacksController   
  skip_before_filter :verify_authenticity_token
  ...
end

[sishen]

Ah. The rails is detecting the CSRF attack and if the post request doesn't contain the token, will reset all the session data.

[theodorton]

Thank you for clarifying, I wasn't aware of that :) It still doesn't explain why it worked the other way around with Google Apps prior to Facebook authentication. May be that the omniauth-facebook gem does something to prevent this.

[sishen]

You can check the log. Maybe it's GET request instead of POST request for omniauth-facebook. However, I'm not sure. Glad you figured it out.

[sishen]

Copy from #6 by @tomjoro.

Add this to your Gemfile, and run bundle install (needs permissions).

gem "ruby-openid", :git => "git://github.com/kendagriff/ruby-openid.git", :ref => "79beaa419d4754e787757f2545331509419e222e"

If you still meet problems, comment here pls.

[kendagriff]

Thanks @sishen, I've submitted the pull request.