I am using Phoenix version 1.3 and the UeberAuth "~> 0.6". I am currently receiving a CSRF error that I don't think should be happening, but I may well be making an error.
In my router.ex file, I have the following:

    scope "/auth", DiscussWeb do
      pipe_through :browser
      get "/:provider", AuthController, :request
      get "/:provider/callback", AuthController, :callback
    end

In my controller file, the callback is as follows:

    def callback(conn, params) do
      callback_t(conn, params)
      conn
      |> put_flash(:info, "Github Authenticate?")
      |> redirect(to: Routes.topic_path(conn, :index))
    end

    defp callback_t(conn, params) do
      IO.puts "+++"
      IO.inspect(conn.assigns)
      IO.puts "+++"
      IO.inspect(params)
      IO.puts "+++"
    end

In the browser, I do get redirected to GitHub to log in. However, I get the following response:

    [debug] Processing with DiscussWeb.AuthController.callback/2
      Parameters: %{"code" => "908a69a812c17af0ab0b", "provider" => "github"}
      Pipelines: [:browser]
    +++
    %{
      ueberauth_failure: %Ueberauth.Failure{
        errors: [
          %Ueberauth.Failure.Error{
            message: "Cross-Site Request Forgery attack",
            message_key: :csrf_attack
          }
        ],
        provider: :github,
        strategy: Ueberauth.Strategy.Github
      }
    }
    +++
    %{"code" => "908a69a812c17af0ab0b", "provider" => "github"}
    +++
    [info] Sent 302 in 4ms
    [info] GET /

Is this expected? It seems like I am actually logged in, because if I try the same thing in the browser, I do not have to log in to GitHub. However, there is also a CSRF failure happening that I'm not sure how to deal with, and there is no way to get the info I need from the conn.assigns variable.
Any help or advice would be greatly appreciated!
I had to use older versions of Ueberauth and Ueberauth_Github to make it work properly:
My deps in the mix.exs file: