Build Ruby on Rails apps with Microsoft Graph Tutorial OmniAuth::AuthenticityError Forbidden Erros

Question

I am a complete newbie to Rails and Microsoft Graph/Omniauth etc and have become a bit stuck.

I have followed the https://learn.microsoft.com/en-us/graph/tutorials/ruby Build Ruby on Rails apps with Microsoft Graph Tutorial word for word. On the Add Azure AD authentication Implement sign-in where I get to start the server should be redirected to https://login.microsoftonline.com I get:

OmniAuth::AuthenticityError Forbidden.

I do not get directed to the login my URL is: http://localhost:3000/auth/microsoft_graph_auth when displaying the above error.

I am running Ruby 2.7. and not 2.6.6 (as stated in the documentation).

Does anyone have any pointers and/or advice?

Thanks in advance!

Application Trace | Framework Trace | Full Trace
omniauth (2.0.1) lib/omniauth/authenticity_token_protection.rb:27:in `deny'
rack-protection (2.1.0) lib/rack/protection/base.rb:54:in `react'
omniauth (2.0.1) lib/omniauth/authenticity_token_protection.rb:18:in `call!'
omniauth (2.0.1) lib/omniauth/authenticity_token_protection.rb:11:in `call'
omniauth (2.0.1) lib/omniauth/strategy.rb:236:in `request_call'
omniauth (2.0.1) lib/omniauth/strategy.rb:192:in `call!'
omniauth (2.0.1) lib/omniauth/strategy.rb:169:in `call'
omniauth (2.0.1) lib/omniauth/builder.rb:45:in `call'
rack (2.2.3) lib/rack/tempfile_reaper.rb:15:in `call'
rack (2.2.3) lib/rack/etag.rb:27:in `call'
rack (2.2.3) lib/rack/conditional_get.rb:40:in `call'
rack (2.2.3) lib/rack/head.rb:12:in `call'
actionpack (6.0.3.4) lib/action_dispatch/http/content_security_policy.rb:18:in `call'
rack (2.2.3) lib/rack/session/abstract/id.rb:266:in `context'
rack (2.2.3) lib/rack/session/abstract/id.rb:260:in `call'
actionpack (6.0.3.4) lib/action_dispatch/middleware/cookies.rb:648:in `call'
activerecord (6.0.3.4) lib/active_record/migration.rb:567:in `call'
actionpack (6.0.3.4) lib/action_dispatch/middleware/callbacks.rb:27:in `block in call'
activesupport (6.0.3.4) lib/active_support/callbacks.rb:101:in `run_callbacks'
actionpack (6.0.3.4) lib/action_dispatch/middleware/callbacks.rb:26:in `call'
actionpack (6.0.3.4) lib/action_dispatch/middleware/executor.rb:14:in `call'
actionpack (6.0.3.4) lib/action_dispatch/middleware/actionable_exceptions.rb:18:in `call'
actionpack (6.0.3.4) lib/action_dispatch/middleware/debug_exceptions.rb:32:in `call'
web-console (4.1.0) lib/web_console/middleware.rb:132:in `call_app'
web-console (4.1.0) lib/web_console/middleware.rb:28:in `block in call'
web-console (4.1.0) lib/web_console/middleware.rb:17:in `catch'
web-console (4.1.0) lib/web_console/middleware.rb:17:in `call'
actionpack (6.0.3.4) lib/action_dispatch/middleware/show_exceptions.rb:33:in `call'
railties (6.0.3.4) lib/rails/rack/logger.rb:37:in `call_app'
railties (6.0.3.4) lib/rails/rack/logger.rb:26:in `block in call'
activesupport (6.0.3.4) lib/active_support/tagged_logging.rb:80:in `block in tagged'
activesupport (6.0.3.4) lib/active_support/tagged_logging.rb:28:in `tagged'
activesupport (6.0.3.4) lib/active_support/tagged_logging.rb:80:in `tagged'
railties (6.0.3.4) lib/rails/rack/logger.rb:26:in `call'
sprockets-rails (3.2.2) lib/sprockets/rails/quiet_assets.rb:13:in `call'
actionpack (6.0.3.4) lib/action_dispatch/middleware/remote_ip.rb:81:in `call'
actionpack (6.0.3.4) lib/action_dispatch/middleware/request_id.rb:27:in `call'
rack (2.2.3) lib/rack/method_override.rb:24:in `call'
rack (2.2.3) lib/rack/runtime.rb:22:in `call'
activesupport (6.0.3.4) lib/active_support/cache/strategy/local_cache_middleware.rb:29:in `call'
actionpack (6.0.3.4) lib/action_dispatch/middleware/executor.rb:14:in `call'
actionpack (6.0.3.4) lib/action_dispatch/middleware/static.rb:126:in `call'
rack (2.2.3) lib/rack/sendfile.rb:110:in `call'
actionpack (6.0.3.4) lib/action_dispatch/middleware/host_authorization.rb:82:in `call'
webpacker (4.3.0) lib/webpacker/dev_server_proxy.rb:23:in `perform_request'
rack-proxy (0.6.5) lib/rack/proxy.rb:57:in `call'
railties (6.0.3.4) lib/rails/engine.rb:527:in `call'
puma (4.3.7) lib/puma/configuration.rb:228:in `call'
puma (4.3.7) lib/puma/server.rb:713:in `handle_request'
puma (4.3.7) lib/puma/server.rb:472:in `process_client'
puma (4.3.7) lib/puma/server.rb:328:in `block in run'
puma (4.3.7) lib/puma/thread_pool.rb:134:in `block in spawn_thread'
Request
Parameters:

{"_method"=>"post", "authenticity_token"=>"lAY5YLY5Lx8xv4+iyfDk/MuG6OwqBn6vUrzUEw26qw/1ZrdKCupamEKdDbpwK+8s5qjM7YntYffqLTwPB1jtsQ=="}
Toggle session dump
_csrf_token: "8gciHGHmLp07eqP3Qs8CZrjW2xhBqQ6yHsweK9pMOkM="
csrf: "95lfFRsk0iDvSyekGINXdb/tmKszz7i4ksTVwgU2vf0="
omniauth.params: {}
Toggle env dump
GATEWAY_INTERFACE: "CGI/1.2"
HTTP_ACCEPT: "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9"
HTTP_ACCEPT_ENCODING: "gzip, deflate, br"
HTTP_ACCEPT_LANGUAGE: "en-US,en;q=0.9,de;q=0.8,fr;q=0.7"
HTTP_CACHE_CONTROL: "max-age=0"
HTTP_ORIGIN: "http://localhost:3000"
HTTP_VERSION: "HTTP/1.1"
ORIGINAL_SCRIPT_NAME: ""
REMOTE_ADDR: "::1"
SERVER_NAME: "localhost"
SERVER_PROTOCOL: "HTTP/1.1"

Answer 1

Actually, I had this same error. The cause was the gem onmiauth, which is a dependency of omniauth-oauth2 was installed as v2.0.2 and there were breaking changes from version 1.9.1

I added the following line to my Gemfile:

gem 'omniauth', '~> 1' # load highest level of omniauth v1, 1.9.1 at the time of this post

Then run bundle update to update the versions used in the app.

Run the server with rails server and it works!