Updating Omniauth from version 1 to 2

We recently updated a Rails app from Omniauth 1 to 2. We did some research and used the Omniauth upgrade wiki. It looked complicated but in the end, there were only two changes required.

Making buttons POST requests

We use link_to to generate our ‘Sign in with GitHub’ buttons. The code looks like this:

<%= link_to "Sign in with GitHub", user_github_omniauth_authorize_path, class: 'btn btn-outline-primary' %>

This won’t work with Omniauth 2 because POST is now the only allowed request_phase method. You can solve this easily by forcing the link_to to be a POST, by adding method: post:

<%= link_to "Sign in with GitHub", user_github_omniauth_authorize_path, method: post, class: 'btn btn-outline-primary' %>

Adding omniauth-rails_csrf_protection

After updating your Omniauth request phase links to POST requests, the next thing to do is include the omniauth-rails_csrf_protection gem. This will insert a Rails CSRF token verifier at the before request phase. Rails handles CSRF tokens in form helpers by default but for manually crafted link_to buttons, you’ll need the omniauth-rails_csrf_protection gem to add a CSRF token verifier.

That’s it! Re-load your Rails app and Omniauth will be working.