Hi
I’ve been trying (and failing) to setup Ueberauth to allow a user to authenticate with GitHub.
The problem
The issue I’m running into is CSRF. Ueberauth adds a state query param when making the request to GitHub and it stores this in a cookie. The user authenticates with GitHub and is sent back to the site where we check the state param matches the cookie.
As far as I can tell, Ueberauth correctly sets the state param and the cookie on request but when GitHub hits the callback URL, the state cookie is removed before checking a match. This leads to a CSRF error.
Versions
- Ueberauth 0.10.3
- Ueberauth GitHub 0.8.2
- Phoenix 1.7.0-rc.1
Any ideas or working examples would be much appreciated. I’m going to try to create a minimal example with a new project to see if there’s something specific about the project, as so far nothing has worked and I’ve resorted to stepping through Ueberauth source code to identify the problem.
Thanks for taking the time to read my question!
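For readers following along, here is the state/cookie round trip described in the question written out as a minimal Plug, so the two phases (mint on request, compare on callback) and the "cookie missing" failure mode are visible side by side. This is an added example, not code from the post or from Ueberauth itself; the module name, the `oauth_state` cookie name, the `authorize_url` argument and the cookie attributes are assumptions.

```elixir
# Added example (not Ueberauth's code): a stand-alone Plug showing the OAuth
# state check. StateCheck, "oauth_state" and the cookie attributes are assumed.
defmodule StateCheck do
  import Plug.Conn

  @cookie "oauth_state"

  # Phase 1: before redirecting to the provider, mint a random state and put
  # it both in the redirect URL and in a short-lived, HttpOnly cookie.
  def request(conn, authorize_url) do
    state = Base.url_encode64(:crypto.strong_rand_bytes(24), padding: false)

    conn
    |> put_resp_cookie(@cookie, state,
      http_only: true, same_site: "Lax", max_age: 600, secure: conn.scheme == :https)
    |> put_resp_header("location", authorize_url <> "?state=" <> URI.encode_www_form(state))
    |> send_resp(302, "")
  end

  # Phase 2: on the callback the state query param must equal the cookie value.
  # The reasons are kept distinct so a missing cookie (the symptom in the
  # question) can be told apart from a genuine mismatch when debugging.
  def verify(conn) do
    conn = conn |> fetch_query_params() |> fetch_cookies()
    param = conn.query_params["state"]
    cookie = conn.req_cookies[@cookie]

    cond do
      is_nil(cookie) -> {:error, :state_cookie_missing}
      is_nil(param) -> {:error, :state_param_missing}
      # Constant-time comparison; the cookie is one-shot, so drop it on success.
      Plug.Crypto.secure_compare(param, cookie) -> {:ok, delete_resp_cookie(conn, @cookie)}
      true -> {:error, :state_mismatch}
    end
  end

  # Callback plug: reject the request on any state failure, otherwise continue.
  def callback(conn, _opts) do
    case verify(conn) do
      {:ok, conn} ->
        conn

      {:error, reason} ->
        conn
        |> send_resp(403, "CSRF check failed: #{reason}")
        |> halt()
    end
  end
end
```

Wiring `StateCheck.callback/2` into the callback route and logging the `reason` it returns shows whether the browser sent the cookie back at all, which is the distinction the question turns on.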