Latest omniauth-facebook gem breaks devise

This is Carlos, Devise maintainer. Please keep an eye on that Pull Request linked above, I just shared how you can test it in your app there:

I'd recommend using the branch ref instead of the git ref directly:

gem 'devise', github: 'heartcombo/devise', branch: 'ca-omniauth-2'

With that you should be able to run bundle update devise omniauth which should hopefully give you OmniAuth 2 and this Devise branch. That should allow the app to boot up.

Lastly, if you've copied over the Devise shared links on your app, or if you have your own links to initiate the OmniAuth authentication flow, you need to make sure they're changed to use a form. (you can do that by using link_to with method: :post option for example, or using button_to, if that works for your app.) Please note that this is a requirement change in how OmniAuth work due to a security issue, read more.

If you run into any issues please comment back in GitHub, and we'll work to get them resolved soon so we can release a new Devise version that fully supports OmniAuth 2. Thanks.

Devise 4.8.0 (shipped yesterday) resolves this.

Please downgrade OmniAuth:

gem "omniauth", "~> 1.9.1"

That's worked for me.

Using

gem 'devise', github: 'heartcombo/devise', branch: 'ca-omniauth-2'

In Gemfile will fix the problem, awaiting a merge.

Updated my answer based on Carlos answer below, I was in a rush when I posted this using ref.

Thank You, Carlos for maintaining Devise.