Unable to get this to work with Omniauth v2

[TigerWolf]

It looks like Omniauth v2 is quite a big change and it doesnt appear that this works anymore. https://github.com/omniauth/omniauth/wiki/Upgrading-to-2.0

Im trying using the demo application in config.ru and I keep getting CSRF errors.

Sorry that I dont have anything more detailed on this problem.

OmniAuth::Strategies::OAuth2::CallbackError at /auth/cognito-idp/callback
csrf_detected | CSRF detected

file: failure_endpoint.rb location: raise_out! line: 25

[developius]

For anyone else bumping into a similar issue, make sure you're initiating the sign-in flow with a post request to the local endpoint. You can't redirect to the cognito hosted URL without going through this flow, as the state parameter won't be appended and you'll get a CSRF error like above.

I was able to get this working with:

omniauth (2.1.2)
omniauth-cognito-idp (0.1.1)
omniauth-rails_csrf_protection (1.0.1)

You'll need something like this:

<%= form_with url: "/auth/cognito_idp", method: :post do %>
  <input type="submit" value="Sign in with SSO" />
<% end %>