session variable is empty

[yamarkz]

I'm trying to use this Gem in Rails API with devise_token_auth, but it didn't work.

It seems that session variable is empty. In the case of Google or Facebook, can see the value in the session variable.

Is this a bug in Gem? I would like to know if there is a way to fix it.

Some people seem to have encountered similar cases. ref

I'm trying this one too. ref

[gryphonandrook]

I'm having this same issue. Typically when I do a callback from Google or Facebook, I check to see if the user already has a session and if they do, I'll add the login to their user. If they don't, I'll look to see if they are already a user, if so, I log them in, if not I create a user for them and sign them in.

Can't seem to get anything to happen as it seems the call back gets a whole new session which is discarded as soon as I redirect to another page and it brings the original session back on the new page.

[Texicitys]

Same here.. Try to put protect_from_forgery :except => [:apple] on the top of your Users::OmniauthCallbacksController. It solved the problem for me.

[nov]

if you are using cookies, set SameSite=none
since Apple uses POST for callback, cookies aren't sent by default.

[salzig]

Instead of opening up the session to potential security risks, we may merge #107 and allow the nonce to be stored in its own encypted cookie?