[ENG-343] CLI Login not working through Safari

Infisical / infisical

♾ Infisical is the open-source secret management platform: Sync secrets across your team/infrastructure, prevent secret leaks, and manage internal PKI

https://infisical.com

Other

15.52k stars 957 forks source link

[ENG-343] CLI Login not working through Safari #1235

Closed hhaustreis closed 2 months ago

hhaustreis commented 11 months ago

Describe the bug

When attempting to login using infisical login it opens the website on safari, prompts me to login but when I get to the master password phase it returns an error message stating it is wrong while it is the exact same i use when logging in normally. Being preemptively logged in does not make a difference either. This is only an issue on Safari. It works as expected on a Chromium-based browser.

To Reproduce

Steps to reproduce the behavior:

Run infisical login
Select Infisical Cloud
Open the URL in Safari
Select Continue with SSO
Input SSO Identifier
Input Master Password

Expected behavior

Expected behaviour would be running infisical login and the login completing successfully.

Screenshots

Platform you are having the issue on:

MacOS Sonoma 14.1.1 Browser: Safari

Additional context

It works as intended when using a Chrome-based browser so this seems to be Safari specific.

_{From SyncLinear.com | ENG-343}

ankit-pn commented 11 months ago

I want to work on this issue. So does anyone here assign this issue to me or I can directly start working on it?

akhilmhdh commented 11 months ago

CC: @maidul98 already has some insights into this. Kindly go through with him for more information on this.

This is an identified issue on token exchange with browser based login from cli using brave or safari

ankit-pn commented 11 months ago

Thanks @akhilmhdh. I am trying to figure out issue behind it and it would be very helpful if @maidul98 provide his insight on it.

ankit-pn commented 11 months ago

For both browser issue is related to inbuilt security features of browsers which is blocking a network calls [POST] to 121.0.0.1 from https://app.infisical.com/login .

In brave browser we are getting error as

POST http://127.0.0.1:55036/ net::ERR_BLOCKED_BY_CLIENT

which clearly means that brave shield is blocking call to localhost server which is used for cli authentication.

You can resolve this issue by turning off brave shield or do the steps that is maintained in ref article.

Ref. -> Brave Community Post Link Related to this issue

Safari do have similar issue and error that we are getting is

XMLHttpRequest cannot load http://127.0.0.1:64824/ due to access control checks.

This can be corrected by enabling developer option in Settings.

Safari>Settings>Advanced>Show Features for web developers

and then

Safari>Settings>Developer>Disable Cross Origin Restrictions .

ankit-pn commented 11 months ago

Is there any way be which we can resolve this issue without users need to change there browser settings? @maidul98 any suggestion?

akhilmhdh commented 2 months ago

This has been fixed with our recent release of CLI