The default bug view has changed. See this FAQ.

"An invalid state parameter was passed to the GitHub OAuth2 callback" error when logging in with github

RESOLVED FIXED

Status

()

bugzilla.mozilla.org
Extensions: GitHubAuth
RESOLVED FIXED
2 years ago
2 years ago

People

(Reporter: mhaigh, Assigned: dylan)

Tracking

Production

Details

Attachments

(2 attachments)

(Reporter)

Description

2 years ago
Created attachment 8629988 [details]
8bweq.png

Getting an error logging in to bugzilla using a github account: 
An invalid state parameter was passed to the Github OAuth2 callback
Assignee: general → nobody
Component: Bugzilla-General → Extensions: GitHubAuth
Product: Bugzilla → bugzilla.mozilla.org
QA Contact: default-qa
Version: unspecified → Production

Comment 1

2 years ago
Just hit this as well, state is in the URL, so my suspicion is that https://github.com/mozilla/webtools-bmo-bugzilla/blob/061328fe4778f8b633e5441828c2962672603922/extensions/GitHubAuth/lib/Login.pm#L69 fails.

Note, my alter ego failed, axel@pike.org.
steps to reproduce:

1. log out of bugzilla
2. navigate to https://bugzilla.mozilla.org/form.dev-engagement-event
3. choose "login with github" and authorise bugzilla
Summary: Github OAuth2 error on login → "An invalid state parameter was passed to the GitHub OAuth2 callback" error when logging in with github
(Assignee)

Updated

2 years ago
Assignee: nobody → dylan
(Assignee)

Comment 3

2 years ago
Yet https://bugzilla-dev.allizom.org/form.dev.engagement.event works. This is interesting.
(Assignee)

Comment 4

2 years ago
Traced this to the Bugzilla_github_token -- that cookie isn't available on the first page load, but is on subsequent page loads. 
Should be somewhat easy to fix.

(this is why a session stash would be so much nicer)
(Assignee)

Comment 5

2 years ago
Created attachment 8651974 [details] [diff] [review]
1180733_1.patch

I thought $cgi->cookie was customized by bugzilla to look through the Bugzilla_cookie_list thing, apparently it is now. Rather than something complicated, I just also store the token in the request cache. Simple fix. If we grow sessions, it will make more sense to use those.
Attachment #8651974 - Flags: review?(glob)
Comment on attachment 8651974 [details] [diff] [review]
1180733_1.patch

Review of attachment 8651974 [details] [diff] [review]:
-----------------------------------------------------------------

r=glob
Attachment #8651974 - Flags: review?(glob) → review+
To ssh://gitolite3@git.mozilla.org/webtools/bmo/bugzilla.git
   77fbf1e..85adb94  master -> master
Status: NEW → RESOLVED
Last Resolved: 2 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.