Should I be worried about OAuth2 CallbackError messages?

(Non-technical User) #1

(facebook) Authentication failure! csrf_detected: OmniAuth::Strategies::OAuth2::CallbackError, csrf_detected | CSRF detected

See this once in a while, like every few days.

(Sam Saffron) #2

I see them a bit in our logs, have no repro for the issue. I suspect either:

  1. Unknown browser quirk causing issues logging in to the site through Facebook

  2. Malicious attempt to do a “hack log in” that is being thwarted by the system.

If you can provide us with a repro of the issue where a legitimate user is trying to log in and the login fails, we can look at it.

(Dave McClure) #3

No repro, but I did have one user tell me they were unable to log in at a time that corresponded to one of these log messages… (using Google).
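
Added example, not part of the original thread and not OmniAuth's own code: a simplified Ruby model of the OAuth2 `state` check behind `csrf_detected`, showing that the same error covers both cases raised in #2 and #3 (a callback the check is meant to reject, and a legitimate user whose session lost or already used its state). The session key and function names are hypothetical.

```ruby
require "securerandom"

# Simplified model of the OAuth2 state check (hypothetical names, not OmniAuth source).

# Request phase: remember a random state in the session and send it to the provider.
def begin_login(session)
  session["oauth_state"] = SecureRandom.hex(24)
end

# Compare without stopping at the first differing byte.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Callback phase: the state echoed back must match the session copy, which is single use.
def callback_result(session, params)
  expected = session.delete("oauth_state")
  returned = params["state"].to_s
  return :csrf_detected if expected.nil? || returned.empty?
  secure_equal?(expected, returned) ? :ok : :csrf_detected
end

# Constructed scenarios: one success and three ways to reach csrf_detected.
def scenarios
  out = {}

  s = {}
  state = begin_login(s)
  out[:normal] = callback_result(s, "state" => state)
  # Same callback URL loaded again (double click, back button): state already consumed.
  out[:repeated_callback] = callback_result(s, "state" => state)

  # Session cookie lost, or login started in another browser: nothing to compare against.
  out[:lost_session] = callback_result({}, "state" => state)

  # Callback carries a state this session never issued: the case the check exists to stop.
  s2 = {}
  begin_login(s2)
  out[:foreign_state] = callback_result(s2, "state" => SecureRandom.hex(24))

  out
end

scenarios.each { |name, result| puts "#{name}: #{result}" } if __FILE__ == $PROGRAM_NAME
```

All three failing scenarios produce the same log entry, so the message alone does not say which one occurred.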