We recently updated a Rails app from OmniAuth 1 to 2. We did some research and used the OmniAuth upgrade wiki. It looked complicated, but in the end only two changes were required.
Making buttons POST requests
We use link_to to generate our ‘Sign in with GitHub’ buttons. The code looks like this:
<%= link_to "Sign in with GitHub", user_github_omniauth_authorize_path, class: 'btn btn-outline-primary' %>
This won’t work with OmniAuth 2 because POST is now the only allowed request_phase method. You can solve this easily by forcing the link_to to be a POST, by adding method: :post:
<%= link_to "Sign in with GitHub", user_github_omniauth_authorize_path, method: :post, class: 'btn btn-outline-primary' %>
After updating your OmniAuth request phase links to POST requests, the next thing to do is include the omniauth-rails_csrf_protection gem. This will insert a Rails CSRF token verifier that runs before the request phase. Rails handles CSRF tokens in form helpers by default, but for manually crafted link_to buttons you’ll need the omniauth-rails_csrf_protection gem to add a CSRF token verifier.
That’s it! Reload your Rails app and OmniAuth will be working.
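To show why both changes matter, here is a small stand-alone model of the two checks described above: the request phase answers only POST, and the POST must carry the session's CSRF token. It is an added example, not code from OmniAuth, the omniauth-rails_csrf_protection gem or this post. The class name, the /users/auth/github path, the session key, the 404/403 statuses and the provider URL are assumptions, and the token is read from the X-CSRF-Token header only.

```ruby
require "securerandom"

# Simplified model of the request-phase checks (hypothetical class, not
# OmniAuth's or the gem's code). Env keys follow Rack conventions.
class RequestPhaseGate
  def initialize(path: "/users/auth/github", allowed_methods: ["POST"])
    @path = path
    @allowed_methods = allowed_methods
  end

  # Returns a Rack-style [status, headers, body] triple.
  def call(env)
    return [404, {}, ["not an auth path"]] unless env["PATH_INFO"] == @path
    # A plain GET link never starts the request phase (modelled here as 404).
    return [404, {}, ["POST only"]] unless @allowed_methods.include?(env["REQUEST_METHOD"])
    # The POST must echo the token stored in the user's session.
    unless token_matches?(env.dig("rack.session", "csrf_token"), env["HTTP_X_CSRF_TOKEN"])
      return [403, {}, ["CSRF token missing or wrong"]]
    end
    [302, { "location" => "https://provider.example/authorize" }, []]
  end

  private

  # Constant-time comparison so timing does not reveal how much of a guess matched.
  def token_matches?(expected, given)
    return false if expected.nil? || given.nil? || expected.bytesize != given.bytesize
    diff = 0
    expected.bytes.zip(given.bytes) { |a, b| diff |= a ^ b }
    diff.zero?
  end
end

# Constructed sample requests: the old GET link, a cross-site style POST
# without a valid token, and the POST a same-site page would send.
def sample_statuses
  token = SecureRandom.hex(16)
  base = { "PATH_INFO" => "/users/auth/github", "rack.session" => { "csrf_token" => token } }
  gate = RequestPhaseGate.new
  {
    get_link:        gate.call(base.merge("REQUEST_METHOD" => "GET")).first,
    post_no_token:   gate.call(base.merge("REQUEST_METHOD" => "POST")).first,
    post_bad_token:  gate.call(base.merge("REQUEST_METHOD" => "POST", "HTTP_X_CSRF_TOKEN" => "0" * 32)).first,
    post_good_token: gate.call(base.merge("REQUEST_METHOD" => "POST", "HTTP_X_CSRF_TOKEN" => token)).first
  }
end

p sample_statuses if __FILE__ == $PROGRAM_NAME
```

Only the POST that carries the session's own token is redirected to the provider; the old GET link and any POST without a matching token are refused before the sign-in flow starts.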