Project

General

Profile

Actions

Bug #15426

closed

auth.curoverse.com login loop in Firefox

Added by Peter Amstutz over 5 years ago. Updated over 5 years ago.

Status:
Resolved
Priority:
Normal
Assigned To:
-
Category:
-
Target version:
Story points:
-
Release relationship:
Auto

Description

Since yesterday (June 25) I can't log in with Firefox 67. I go to auth.curoverse.com, which redirects me to Google, after logging in to Google, it sends me to auth.curoverse.com, at this point it is supposed to send me back to the API server, but instead it sends me back to Google.

The broken flow:

302 auth.curoverse.com/users/auth/google_oauth2/callback?
302 auth.curoverse.com/auth/josh_id/authorize?
302 auth.curoverse.com/auth/josh_id/authorize?
302 auth.curoverse.com/users/sign_in
302 auth.curoverse.com/users/auth/google_oauth2

Strangely, the 1st authorize sends it back to the exact same URL. The cookie is different between the requests. Apparently the 1st request should have sent it to the API server at 4xphq.arvadosapi.com/auth/joshid/callback .

Logging in with Chromium 73 works.

The working flow:

302 accounts.google.com/signin/oauth/consent
302 auth.curoverse.com/users/auth/google_oauth2/callback
302 auth.curoverse.com/auth/josh_id/authorize
302 4xphq.arvadosapi.com/auth/joshid/callback


Subtasks 1 (0 open1 closed)

Task #15427: Review 15426-login-loop ResolvedLucas Di Pentima06/27/2019Actions
Actions

Also available in: Atom PDF