From d7124ba5251b0b8833ced28252bf8065590fd224 Mon Sep 17 00:00:00 2001 From: Jessica Kerr Date: Sat, 30 May 2020 21:51:11 -0500 Subject: [PATCH] Please make the implementation work in development The suggested implementation doesn't work in development. It produces a few errors that are baffling to a newbie. I'm here with a rails expert (@avdi) and it took the two of us a long time to get this working as far as you intended it to. The development form issues a POST, not a GET. I don't yet know what the other sites do, but POST is necessary for omniauth to work in development. And the verify_authentication_token check fails, so somehow this has to be worked around in order to trigger the create action. Please please, for newbies, I don't know that these are the right changes, but make it so that people new to Rails and Omniauth can run in development mode immediately. --- README.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 0d3f5e4..f2de457 100644 --- a/README.md +++ b/README.md @@ -86,7 +86,7 @@ steps are necessary for your application. For example, in a Rails app I would add a line in my `routes.rb` file like this: ```ruby -get '/auth/:provider/callback', to: 'sessions#create' +post '/auth/:provider/callback', to: 'sessions#create' ``` And I might then have a `SessionsController` with code that looks @@ -94,6 +94,8 @@ something like this: ```ruby class SessionsController < ApplicationController + skip_before_action :verify_authenticity_token, only: :create unless Rails.env.production? + def create @user = User.find_or_create_from_auth_hash(auth_hash) self.current_user = @user