We are trying to deploy Discourse forums in production mode. We are using our own OAuth provider and hence are using the discourse-oauth2-basic plugin to enable it.
We are seeing the following error when logging in with our custom OAuth provider:
“Authentication failure! csrf_detected: OmniAuth::Strategies::OAuth2::CallbackError, csrf_detected | CSRF detected”
After some debugging, we see that “omniauth.state” is missing from the session after the redirect happens, and hence the state field cannot be validated in /auth/oauth2_callback. Any help would be appreciated.
Note: The entire setup works fine in development mode.
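
A simplified model of the state check behind this error, added here as an illustration and not taken from the post, Discourse or omniauth-oauth2. The method names, the `CsrfDetected` class and the plain Hash standing in for the session are assumptions.

```ruby
require "securerandom"

# Hypothetical names throughout; a plain Hash stands in for the Rack session.
class CsrfDetected < StandardError; end

# Request phase: store a random state in the session and send the same
# value to the provider in the authorize redirect.
def request_phase(session)
  session["omniauth.state"] = SecureRandom.hex(24)
end

# Constant-time comparison so the check does not leak how many bytes matched.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Callback phase: the state echoed by the provider must equal the value
# kept in the session. The stored value is consumed on every attempt.
def callback_phase(session, params)
  expected = session.delete("omniauth.state")
  returned = params["state"].to_s
  if expected.nil? || returned.empty? || !secure_equal?(expected, returned)
    raise CsrfDetected, "csrf_detected"
  end
  :authenticated
end

def attempt(session, params)
  callback_phase(session, params)
rescue CsrfDetected => e
  e.message.to_sym
end

# Case 1: the same session is present on both legs of the redirect.
s1 = {}
RESULT_SAME_SESSION = attempt(s1, { "state" => request_phase(s1) })

# Case 2: the callback arrives with a fresh, empty session (the symptom above).
RESULT_LOST_SESSION = attempt({}, { "state" => request_phase({}) })

# Case 3: the session is intact but the returned state does not match.
s3 = {}
request_phase(s3)
RESULT_TAMPERED = attempt(s3, { "state" => "0" * 48 })
```

In case 2 the state returned by the provider is the correct one, but the check still fails because the session that held the expected value did not accompany the callback request.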