
Authenticity token on sign in page sometimes blank #1029

Open
@leehsueh

I have a sign-in page where I'm rendering the form and authenticity token to start the request phase for google oauth. Sometimes it renders with a token value, but sometimes the token value is blank. This seems to be triggered when my sign out flow happens, which I accomplish with this code:

get "/users/sign_out" do
  env['rack.session.options'][:drop] = true
  return redirect <sign_in_url>
end

I can get the authenticity token to re-render again but only after I attempt to start authentication by posting to /auth/google_oauth2 and getting redirected to /auth/failure, and then refreshing the sign in page again.

Is there another way I should be signing out/dropping the session that doesn't result in a blank authenticity token the next time it's rendered?

Configuration

  • Provider Gem: omniauth-google-oauth2
  • Ruby Version: 2.5.1
  • Framework: Sinatra
  • Platform: phusion/passenger-ruby25 container

Expected Behavior

An authenticity token should be rendered on each request of the page.

Actual Behavior

The hidden input for authenticity_token renders with no value.

Steps to Reproduce

In a Sinatra route like my sign_out, redirect to the sign-in page that renders the authenticity token - it's blank. Attempt to authenticate anyway and go through the /auth/failure handler. Go back to the sign-in page manually and refresh. Token renders again.
