Created attachment 8629988 [details] 8bweq.png Getting an error logging in to bugzilla using a github account: An invalid state parameter was passed to the Github OAuth2 callback
Assignee: general → nobody
Component: Bugzilla-General → Extensions: GitHubAuth
Product: Bugzilla → bugzilla.mozilla.org
QA Contact: default-qa
Version: unspecified → Production
Just hit this as well, state is in the URL, so my suspicion is that https://github.com/mozilla/webtools-bmo-bugzilla/blob/061328fe4778f8b633e5441828c2962672603922/extensions/GitHubAuth/lib/Login.pm#L69 fails. Note, my alter ego failed, firstname.lastname@example.org.
steps to reproduce: 1. log out of bugzilla 2. navigate to https://bugzilla.mozilla.org/form.dev-engagement-event 3. choose "login with github" and authorise bugzilla
Summary: Github OAuth2 error on login → "An invalid state parameter was passed to the GitHub OAuth2 callback" error when logging in with github
Yet https://bugzilla-dev.allizom.org/form.dev.engagement.event works. This is interesting.
Traced this to the Bugzilla_github_token -- that cookie isn't available on the first page load, but is on subsequent page loads. Should be somewhat easy to fix. (this is why a session stash would be so much nicer)
Created attachment 8651974 [details] [diff] [review] 1180733_1.patch I thought $cgi->cookie was customized by bugzilla to look through the Bugzilla_cookie_list thing, apparently it is now. Rather than something complicated, I just also store the token in the request cache. Simple fix. If we grow sessions, it will make more sense to use those.
Attachment #8651974 - Flags: review?(glob)
Comment on attachment 8651974 [details] [diff] [review] 1180733_1.patch Review of attachment 8651974 [details] [diff] [review]: ----------------------------------------------------------------- r=glob
Attachment #8651974 - Flags: review?(glob) → review+
To ssh://email@example.com/webtools/bmo/bugzilla.git 77fbf1e..85adb94 master -> master
Status: NEW → RESOLVED
Last Resolved: 3 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.