Using Rails 4 and Ruby 2.1.2.
I need to implement a few informative pages, but there is a form in one of the pages. Authentication kicks in only if the form is submitted. There is only one authentication method desired: OpenID, with one existing provider.
I did a simple prototype, and I get redirected to login at the OpenID provider. However, when coming back, I get the InvalidAuthenticityToken error.
Reading, for example, this question: "ActionController::InvalidAuthenticityToken in RegistrationsController#create", I suspect it has to do with the redirect. I actually submit the form, but get redirected to the OpenID provider first, and then back to the POST action URL of the form. On these redirections I guess the form token, which I build in the form with form_for, gets lost.
How could I do this correctly? My next attempt will probably be trying to catch the submit event, doing an XHR request for the OpenID authentication, and only after coming back from there would I truly submit the form. But I foresee trouble here, as for an effective OpenID login, I probably need to open a new window in order to effectively perform the redirects, and I am not sure how to not get lost in the process... ;)
Here's what I have so far (hey, it's a prototype, I just used url: sites_path as options for form_for, thus going to the /sites URL, mapping to create ;) )
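class SitesController < ApplicationController
  # Base URL of the single OpenID provider
  @@openid_url_base = "myprovider.org"

  # POST /sites: the form target, and also where the provider sends the browser back
  def create
    openid_url = @@openid_url_base + login
    openid_authentication(openid_url)
  end
end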
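
An added example, not part of the original question and not Rails' or any OpenID library's own code: a plain-Ruby model of why the provider's return fails the token check when it is handled as the form's POST, and of one way around it, which is to park the already-verified form fields in the session and finish on a separate GET callback. The helper names, the callback route and the sample identity URL are assumptions.

```ruby
require "securerandom"

# Constant-time comparison so the check does not leak how many bytes matched.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Simplified model of a session-bound CSRF check (not Rails' own code):
# non-GET requests must carry the token stored in the session.
def csrf_ok?(session, req)
  return true if req[:method] == "GET"
  expected = session[:csrf_token].to_s
  !expected.empty? && secure_compare(req[:params]["authenticity_token"].to_s, expected)
end

# Leg 1: the real form POST. The token is checked here, then the fields are
# parked in the session before the browser leaves for the provider.
def begin_login(session, req)
  raise "InvalidAuthenticityToken" unless csrf_ok?(session, req)
  session[:pending_site] = req[:params].reject { |k, _| k == "authenticity_token" }
  :redirect_to_provider
end

# Leg 2: the provider's return lands on a separate GET callback. Verifying the
# assertion's signature is the OpenID library's job and is assumed to have passed.
def complete_login(session, req)
  return :not_authenticated unless req[:params]["openid.mode"] == "id_res"
  pending = session.delete(:pending_site) # one-shot: a replayed return finds nothing
  return :nothing_pending unless pending
  { site: pending, identity: req[:params]["openid.identity"] }
end

# Constructed sample data for the walk-through.
def demo
  session = { csrf_token: SecureRandom.hex(16) }
  form = { method: "POST",
           params: { "name" => "example", "authenticity_token" => session[:csrf_token] } }
  back = { "openid.mode" => "id_res", "openid.identity" => "https://myprovider.org/alice" }
  {
    first_leg: begin_login(session, form),
    # The failure in the question: the return treated as the form's POST has no token.
    return_as_post_ok: csrf_ok?(session, { method: "POST", params: back }),
    result: complete_login(session, { method: "GET", params: back }),
    replay: complete_login(session, { method: "GET", params: back })
  }
end
```

The CSRF check stays enabled on the form's POST; the callback only acts on a submission that already passed that check in the same session.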