Closed Bug 1180733 Opened 4 years ago Closed 4 years ago

"An invalid state parameter was passed to the GitHub OAuth2 callback" error when logging in with github

Categories

(bugzilla.mozilla.org :: Extensions, defect)

Production
defect
Not set

Tracking

()

RESOLVED FIXED

People

(Reporter: mhaigh, Assigned: dylan)

Details

Attachments

(2 files)

Attached image 8bweq.png
Getting an error logging in to bugzilla using a github account: 
An invalid state parameter was passed to the Github OAuth2 callback
Assignee: general → nobody
Component: Bugzilla-General → Extensions: GitHubAuth
Product: Bugzilla → bugzilla.mozilla.org
QA Contact: default-qa
Version: unspecified → Production
Just hit this as well, state is in the URL, so my suspicion is that https://github.com/mozilla/webtools-bmo-bugzilla/blob/061328fe4778f8b633e5441828c2962672603922/extensions/GitHubAuth/lib/Login.pm#L69 fails.

Note, my alter ego failed, axel@pike.org.
steps to reproduce:

1. log out of bugzilla
2. navigate to https://bugzilla.mozilla.org/form.dev-engagement-event
3. choose "login with github" and authorise bugzilla
Summary: Github OAuth2 error on login → "An invalid state parameter was passed to the GitHub OAuth2 callback" error when logging in with github
Assignee: nobody → dylan
Traced this to the Bugzilla_github_token -- that cookie isn't available on the first page load, but is on subsequent page loads. 
Should be somewhat easy to fix.

(this is why a session stash would be so much nicer)
Attached patch 1180733_1.patchSplinter Review
I thought $cgi->cookie was customized by bugzilla to look through the Bugzilla_cookie_list thing, apparently it is now. Rather than something complicated, I just also store the token in the request cache. Simple fix. If we grow sessions, it will make more sense to use those.
Attachment #8651974 - Flags: review?(glob)
Comment on attachment 8651974 [details] [diff] [review]
1180733_1.patch

Review of attachment 8651974 [details] [diff] [review]:
-----------------------------------------------------------------

r=glob
Attachment #8651974 - Flags: review?(glob) → review+
To ssh://gitolite3@git.mozilla.org/webtools/bmo/bugzilla.git
   77fbf1e..85adb94  master -> master
Status: NEW → RESOLVED
Closed: 4 years ago
Resolution: --- → FIXED
Component: Extensions: GitHubAuth → Extensions
You need to log in before you can comment on or make changes to this bug.