Arvados

Started GET "/" for 127.0.0.1 at 2014-11-17 14:27:34 -0500
Processing by AuthController#welcome as HTML
Rendered auth/welcome.html.erb within layouts/application (1.6ms)
Completed 500 Internal Server Error in 16ms

ActionView::Template::Error (application.css isn't precompiled):
    2: <html>
    3: <head>
    4:   <title>CfiOauthProvider</title>
    5:   <%= stylesheet_link_tag    "application", :media => "all" %>
    6:   <%= javascript_include_tag "application" %>
    7:   <%= csrf_meta_tags %>
    8: </head>
  app/views/layouts/application.html.erb:5:in `_app_views_layouts_application_html_erb__1919252491310798925_40904760'

This seems like it might be the root cause of the redirection issue:

https://code.google.com/p/gdata-issues/issues/detail?id=6628

commit:cfd47c9a7abf514ce34fb6f762850bafdb33bace in the sso-provider repository fixes the actual 500 error.

However, there is still a problem with redirects, where Google's sign in page actually causes the browser to visit the callback more than once. The first callback removes the redirect from the session, but the user actually sees the result of the 2nd callback, which doesn't have the redirect any more and so they end up at a generic page, which was the one that was broken and fixed in the above commit.

On google's side, the problem of getting more than one callback may be fixed on OAuth2 login page, although the bug report in note #6 is for OAuth2 and not OpenId.

The missing redirect problem wouldn't be such a big deal except that the fallback "welcome" page consists of simply a hardcoded link to qr1hi. If we had #3312, this page could actually be useful.

Fixes related to this are merged into #4570, please review it there.