Authentication failure on callback (crsf_detected)

[samratjp]

I'm using:

    omniauth-instagram (1.0.2)
      omniauth (~> 1)
      omniauth-oauth2 (~> 1)
    omniauth-oauth2 (1.3.1)
      oauth2 (~> 1.0)
      omniauth (~> 1.2)

ERROR -- omniauth: (instagram) Authentication failure! csrf_detected: OmniAuth::Strategies::OAuth2::CallbackError, csrf_detected | CSRF detected

I don't know if this is helpful but found that this issue happens when you send along state and on callback it doesn't match.

And this is my callback url - Started
GET "/auth/instagram/callback?code=xxxxxxxxx&state=yyyyyyyy"

And my omniauth initializer setup is pretty vanilla too:

provider :instagram, OauthSecrets.instagram.client_id, OauthSecrets.instagram.client_secret

I assume this setup sends a state along? I know it's optiona but would be surprised if we're not doing this already?

Anyways, please let me know if you have any suggestions?

Thanks :)

[stevievines]

@samratjp any luck? I'm having the same issue with a very vanilla setup (not using devise). It works if I add provider_ignores_state: true in the config (as shown in that link you referenced), but it seems like that shouldn't be required. Interested to know if you've learned anything!