"An invalid state parameter was passed to the GitHub OAuth2 callback" error when logging in with github

RESOLVED FIXED

Status

()

bugzilla.mozilla.org
Extensions: GitHubAuth
RESOLVED FIXED
2 years ago
2 years ago

People

(Reporter: mhaigh, Assigned: dylan)

Tracking

Production

Details

Attachments

(2 attachments)

(Reporter)

Description

2 years ago
Created attachment 8629988 [details]
8bweq.png

Getting an error logging in to bugzilla using a github account: 
An invalid state parameter was passed to the Github OAuth2 callback
Assignee: general → nobody
Component: Bugzilla-General → Extensions: GitHubAuth
Product: Bugzilla → bugzilla.mozilla.org
QA Contact: default-qa
Version: unspecified → Production

Comment 1

2 years ago
Just hit this as well, state is in the URL, so my suspicion is that https://github.com/mozilla/webtools-bmo-bugzilla/blob/061328fe4778f8b633e5441828c2962672603922/extensions/GitHubAuth/lib/Login.pm#L69 fails.

Note, my alter ego failed, axel@pike.org.
steps to reproduce:

1. log out of bugzilla
2. navigate to https://bugzilla.mozilla.org/form.dev-engagement-event
3. choose "login with github" and authorise bugzilla
Summary: Github OAuth2 error on login → "An invalid state parameter was passed to the GitHub OAuth2 callback" error when logging in with github
(Assignee)

Updated

2 years ago
Assignee: nobody → dylan
(Assignee)

Comment 3

2 years ago
Yet https://bugzilla-dev.allizom.org/form.dev.engagement.event works. This is interesting.
(Assignee)

Comment 4

2 years ago
Traced this to the Bugzilla_github_token -- that cookie isn't available on the first page load, but is on subsequent page loads. 
Should be somewhat easy to fix.

(this is why a session stash would be so much nicer)
(Assignee)

Comment 5

2 years ago
Created attachment 8651974 [details] [diff] [review]
1180733_1.patch

I thought $cgi->cookie was customized by bugzilla to look through the Bugzilla_cookie_list thing, apparently it is now. Rather than something complicated, I just also store the token in the request cache. Simple fix. If we grow sessions, it will make more sense to use those.
Attachment #8651974 - Flags: review?(glob)
Comment on attachment 8651974 [details] [diff] [review]
1180733_1.patch

Review of attachment 8651974 [details] [diff] [review]:
-----------------------------------------------------------------

r=glob
Attachment #8651974 - Flags: review?(glob) → review+
To ssh://gitolite3@git.mozilla.org/webtools/bmo/bugzilla.git
   77fbf1e..85adb94  master -> master
Status: NEW → RESOLVED
Last Resolved: 2 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.