Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

OIDC: retrying a sign-in from the error page returns to error page even on success #1383

Open
1 of 2 tasks
jonathanperret opened this issue Jan 16, 2025 · 0 comments · May be fixed by #1384
Open
1 of 2 tasks

OIDC: retrying a sign-in from the error page returns to error page even on success #1383

jonathanperret opened this issue Jan 16, 2025 · 0 comments · May be fixed by #1384
Assignees
@jonathanperret
Labels
gouv.fr

Comments

@jonathanperret
Copy link
Collaborator

Describe the current behavior

When an OIDC sign-in attempt fails and the user is shown a Grist error page with a Sign in again button:

Image

Then, even when the new attempt succeeds, the user is still shown the error page (despite now being signed in, as shown in the top right corner).

Image

Steps to reproduce

  1. Begin an OIDC login process from an unauthenticated Grist tab
  2. Before completing the login process, clear the Grist cookies from the browser (this can be done from a separate tab in the same browser browsing the same Grist instance) — note that this is one way of reliably producing an OIDC callback error, but any other error sent by the OIDC provider would result in the behavior described below
  3. Complete the OIDC login process: Grist shows an error (as expected) and offers to try signing in again
  4. When the user clicks "sign in again", assuming there is no further OIDC error, the login process completes, but the user is still shown Grist's OIDC error page instead of a workspace home page.
grist-oidc-stuck-on-sign-in.mp4

Describe the expected behavior

When retrying an OIDC sign-in succeeds, the user should end up on the same page they would have if the initial attempt had succeeded.

Image

Where have you encountered this bug?

Instance information (when self-hosting only)

  • Grist instance:

    • Version: main (commit d06def9)
    • URL (if it's OK for you to share it): http://grist-home.127.0.0.1.nip.io:8484/

  • Server log:

2025-01-16 16:49:22.979 - debug: Got tokenSet: {
  access_token: 'REDACTED',
  expires_at: 1737042862,
  refresh_expires_in: 'REDACTED',
  refresh_token: 'REDACTED',
  token_type: 'Bearer',
  id_token: 'REDACTED',
  'not-before-policy': 'REDACTED',
  session_state: 'REDACTED',
  scope: 'openid profile email'
}
2025-01-16 16:49:22.992 - debug: Got userinfo: {
  sub: '6083386c-4400-470a-97ef-ebcd9b0e685b',
  email_verified: true,
  name: 'Grist User',
  preferred_username: 'gristuser',
  given_name: 'Grist',
  family_name: 'User',
  email: '[email protected]'
}
2025-01-16 16:49:22.993 - info: OIDCConfig: got OIDC response for [email protected] (Grist User) redirecting to http://grist-home.127.0.0.1.nip.io:8484/oauth2/callback?state=yBk247GU1Bgrq7s0B9DwDG_hRiqACa8MrFyCwaaXPg8&session_state=2baf8096-5983-4134-8b1e-e4cb985f059b&code=df2cc666-4174-46ea-8e28-2ead34e2a712.2baf8096-5983-4134-8b1e-e4cb985f059b.4e3c8c21-1ae6-410c-b12f-82da9c17959b
2025-01-16 16:49:23.004 - error: OIDC callback failed: Error: Login or logout failed to complete
    at checkIsSet (/Users/jonathanperret/src/grist-core/_build/app/server/lib/oidc/Protections.js:9:15)
    at StateProtection.getCallbackChecks (/Users/jonathanperret/src/grist-core/_build/app/server/lib/oidc/Protections.js:61:20)
    at ProtectionsManager.getCallbackChecks (/Users/jonathanperret/src/grist-core/_build/app/server/lib/oidc/Protections.js:96:46)
    at OIDCConfig.handleCallback (/Users/jonathanperret/src/grist-core/_build/app/server/lib/OIDCConfig.js:184:52)
    at Layer.handle [as handle_request] (/Users/jonathanperret/src/grist-core/node_modules/express/lib/router/layer.js:95:5)
    at next (/Users/jonathanperret/src/grist-core/node_modules/express/lib/router/route.js:149:13)
    at Route.dispatch (/Users/jonathanperret/src/grist-core/node_modules/express/lib/router/route.js:119:3)
    at Layer.handle [as handle_request] (/Users/jonathanperret/src/grist-core/node_modules/express/lib/router/layer.js:95:5)
    at /Users/jonathanperret/src/grist-core/node_modules/express/lib/router/index.js:284:15
    at Function.process_params (/Users/jonathanperret/src/grist-core/node_modules/express/lib/router/index.js:346:12)
    at next (/Users/jonathanperret/src/grist-core/node_modules/express/lib/router/index.js:280:10)
    at jsonParser (/Users/jonathanperret/src/grist-core/node_modules/body-parser/lib/types/json.js:113:7)
    at Layer.handle [as handle_request] (/Users/jonathanperret/src/grist-core/node_modules/express/lib/router/layer.js:95:5)
    at trim_prefix (/Users/jonathanperret/src/grist-core/node_modules/express/lib/router/index.js:328:13)
    at /Users/jonathanperret/src/grist-core/node_modules/express/lib/router/index.js:286:9
    at Function.process_params (/Users/jonathanperret/src/grist-core/node_modules/express/lib/router/index.js:346:12)
@jonathanperret jonathanperret self-assigned this Jan 16, 2025
@jonathanperret jonathanperret linked a pull request Jan 16, 2025 that will close this issue
Open
4 tasks
@fflorent fflorent moved this to Needs feedback in French administration Board Jan 16, 2025
@fflorent fflorent moved this from Needs feedback to In Progress in French administration Board Jan 29, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jonathanperret jonathanperret

Labels
gouv.fr
Projects
French administration Board
Status: In Progress
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Avoid using oidc callback URL as post-login URL jonathanperret/grist-core
2 participants
@jonathanperret @fflorent