diff --git a/CHANGELOG.md b/CHANGELOG.md index ddf57cd..a49ff40 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,11 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] +### 0.0.2 (2023-10-05) + +* **Fix**: Accept callback requests without CSRF protection. + This enables IdP-initiated sessions. + ### 0.0.1 (2023-03-13) Initial release diff --git a/README.md b/README.md index 1a2991d..186d057 100644 --- a/README.md +++ b/README.md @@ -18,7 +18,7 @@ Add `ueberauth_workos` as a dependency in `mix.exs` and run `mix deps.get`: def deps do [ {:ueberauth, "~> 0.10"}, - {:ueberauth_workos, "~> 0.0.1"} + {:ueberauth_workos, "~> 0.0.2"} ] end ``` diff --git a/lib/ueberauth/strategy/workos.ex b/lib/ueberauth/strategy/workos.ex index 8cd64d3..67f3140 100644 --- a/lib/ueberauth/strategy/workos.ex +++ b/lib/ueberauth/strategy/workos.ex @@ -62,7 +62,8 @@ defmodule Ueberauth.Strategy.WorkOS do If you use an email address to determine the connection selector, then it is advisable to use the same email address as the `login_hint`. """ - use Ueberauth.Strategy + use Ueberauth.Strategy, + ignores_csrf_attack: true alias Ueberauth.Auth.Credentials alias Ueberauth.Auth.Extra diff --git a/mix.exs b/mix.exs index 623f135..a35041e 100644 --- a/mix.exs +++ b/mix.exs @@ -1,7 +1,7 @@ defmodule UeberauthWorkos.MixProject do use Mix.Project - @version "0.0.1" + @version "0.0.2" @source_url "https://github.com/codesandbox/ueberauth_workos" def project do
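Review bot: `ignores_csrf_attack: true` on the `use Ueberauth.Strategy` line in lib/ueberauth/strategy/workos.ex turns off Ueberauth's state-parameter check for every callback, not only the IdP-initiated ones the changelog entry describes. SP-initiated logins therefore also lose login-CSRF protection, unless the module verifies `state` itself in code outside this hunk. Applications that never use IdP-initiated sessions get the weaker behaviour with no way to keep the check, so consider making this opt-in rather than unconditional. At minimum, record the trade-off next to the option, e.g. `# Disables Ueberauth's CSRF state check so IdP-initiated callbacks are accepted; SP-initiated callbacks are no longer state-verified either`. The moduledoc should say the same so adopters can add their own mitigation.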