Last Comment Bug 1180733 - "An invalid state parameter was passed to the GitHub OAuth2 callback" error when logging in with github
: "An invalid state parameter was passed to the GitHub OAuth2 callback" error w...
Classification: Other
Component: Extensions: GitHubAuth (show other bugs)
: Production
: Unspecified Unspecified
-- normal (vote)
: ---
Assigned To: Dylan Hardison [:dylan]
Depends on:
  Show dependency treegraph
Reported: 2015-07-06 08:30 PDT by Martyn Haigh (:mhaigh)
Modified: 2015-08-24 20:57 PDT (History)
3 users (show)
See Also:
Due Date:
QA Whiteboard:
Iteration: ---
Points: ---

8bweq.png (69.67 KB, image/png)
2015-07-06 08:30 PDT, Martyn Haigh (:mhaigh)
no flags Details
1180733_1.patch (1.92 KB, patch)
2015-08-24 14:07 PDT, Dylan Hardison [:dylan]
glob: review+
Details | Diff | Splinter Review

Description User image Martyn Haigh (:mhaigh) 2015-07-06 08:30:33 PDT
Created attachment 8629988 [details]

Getting an error logging in to bugzilla using a github account: 
An invalid state parameter was passed to the Github OAuth2 callback
Comment 1 User image Axel Hecht [:Pike] 2015-07-17 08:32:27 PDT
Just hit this as well, state is in the URL, so my suspicion is that fails.

Note, my alter ego failed,
Comment 2 User image Byron Jones ‹:glob› 2015-08-19 07:04:01 PDT
steps to reproduce:

1. log out of bugzilla
2. navigate to
3. choose "login with github" and authorise bugzilla
Comment 3 User image Dylan Hardison [:dylan] 2015-08-19 07:30:04 PDT
Yet works. This is interesting.
Comment 4 User image Dylan Hardison [:dylan] 2015-08-19 07:42:39 PDT
Traced this to the Bugzilla_github_token -- that cookie isn't available on the first page load, but is on subsequent page loads. 
Should be somewhat easy to fix.

(this is why a session stash would be so much nicer)
Comment 5 User image Dylan Hardison [:dylan] 2015-08-24 14:07:49 PDT
Created attachment 8651974 [details] [diff] [review]

I thought $cgi->cookie was customized by bugzilla to look through the Bugzilla_cookie_list thing, apparently it is now. Rather than something complicated, I just also store the token in the request cache. Simple fix. If we grow sessions, it will make more sense to use those.
Comment 6 User image Byron Jones ‹:glob› 2015-08-24 20:57:09 PDT
Comment on attachment 8651974 [details] [diff] [review]

Review of attachment 8651974 [details] [diff] [review]:

Comment 7 User image Byron Jones ‹:glob› 2015-08-24 20:57:18 PDT
To ssh://
   77fbf1e..85adb94  master -> master

Note You need to log in before you can comment on or make changes to this bug.