SOBotics / Higgs

A generic dashboard for viewing and providing feedback to SOBotics bots.
GNU General Public License v3.0

Failed to get authentication details in web application #87

Open Enet4 opened 2 years ago

Enet4 commented 2 years ago

Recently, I've been unable to log in to Higgs in order to classify the various records, both on my personal laptop and on my mobile phone. The first time I press Login, the following console error appears:

main.c1afafd5289564b03b0a.js:formatted:12109 ERROR DOMException: Failed to execute 'atob' on 'Window': The string to be decoded is not correctly encoded.
    at t.getAuthDetails (https://higgs.sobotics.org/main.c1afafd5289564b03b0a.js:1:409345)
    at t.Login (https://higgs.sobotics.org/main.c1afafd5289564b03b0a.js:1:410057)
    at e._next (https://higgs.sobotics.org/main.c1afafd5289564b03b0a.js:1:412169)
    at e.__tryOrUnsub (https://higgs.sobotics.org/main.c1afafd5289564b03b0a.js:1:217114)
    at e.next (https://higgs.sobotics.org/main.c1afafd5289564b03b0a.js:1:216283)
    at e._next (https://higgs.sobotics.org/main.c1afafd5289564b03b0a.js:1:215333)
    at e.next (https://higgs.sobotics.org/main.c1afafd5289564b03b0a.js:1:215004)
    at e.next (https://higgs.sobotics.org/main.c1afafd5289564b03b0a.js:1:220546)
    at e.next (https://higgs.sobotics.org/main.c1afafd5289564b03b0a.js:1:408953)
    at Qp (https://higgs.sobotics.org/main.c1afafd5289564b03b0a.js:1:469655)
_r @ main.c1afafd5289564b03b0a.js:formatted:12109
t.handleError @ main.c1afafd5289564b03b0a.js:formatted:12121
next @ main.c1afafd5289564b03b0a.js:formatted:12643
r @ main.c1afafd5289564b03b0a.js:formatted:11778
e.__tryOrUnsub @ main.c1afafd5289564b03b0a.js:formatted:9275
   ...

In this state, the browser has the local storage key access_token defined (it is also present in the URL's query string), and then with subsequent refreshes the _fb cookie disappears and the browser only shows a blank page with the same JavaScript error.

Is there something more in which I can assist here to track the problem down?

Browser:

(Bringing the Brave shields down did not solve the problem)

rjrudman commented 2 years ago

Are you able to check that the token stored in local storage is a properly formatted JWT token? Are you able to run atob() in your console against that token?

Enet4 commented 2 years ago

I just reproduced this in another desktop, and I have a hunch of what the culprit might be.

> var accessToken = localStorage.access_token
undefined
> accessToken.length
237
> atob
ƒ atob() { [native code] }
> atob(accessToken)
VM223:1 Uncaught DOMException: Failed to execute 'atob' on 'Window': The string to be decoded is not correctly encoded.
    at <anonymous>:1:1
(anonymous) @ VM223:1
> accessToken.split(' ').length
1
> accessToken.split('.').length
3
> atob(accessToken.split('.')[0])
'{"alg":"HS256","typ":"JWT"}'
> atob(accessToken.slice(accessToken.indexOf('.') + 1, accessToken.indexOf('_')))
'{"unique_name":"á\x95®'

I had changed my display name to include non-ASCII characters (ᕮ_ᑎᕮT4), and this probably broke the app. The last line above was all I could manage to grab from the unique_name property.

rjrudman commented 2 years ago

I'm not sure I'm following... accessToken is undefined but accessToken.length is not?

Enet4 commented 2 years ago

Ah no, var abc = xyz always evaluates to undefined. The access token was indeed defined in the local storage. I had not shown the token verbatim here for precaution.

The problem was that a Unicode display name would either corrupt the token or make the application unable to decode it properly. After changing my display name to something simpler and logging in again, it worked fine. So the way to reproduce it is to have certain non-ASCII characters in the display name on Stack Overflow.
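
The following is an added example, not code from Higgs or from either commenter, showing the decoding mistake the thread pins down and a client-side decode that survives it. A JWT's segments are base64url (RFC 7515), so they may contain '-' and '_' and omit '=' padding, which window.atob() rejects, and atob() returns a Latin-1 "binary string", so the UTF-8 bytes of a display name such as ᕮ_ᑎᕮT4 surface as the "á\x95®" seen above unless the bytes are decoded as UTF-8 explicitly. The token below is constructed for the example (its signature segment is a placeholder, not a real HMAC), and the function names are the example's own.

```javascript
// Added example (not Higgs code): robust base64url + UTF-8 decoding of a JWT payload.

function base64UrlToBytes(segment) {
  // Map the base64url alphabet to standard base64 and restore padding,
  // so that atob() only ever sees symbols it accepts.
  let b64 = segment.replace(/-/g, '+').replace(/_/g, '/');
  const rem = b64.length % 4;
  if (rem === 1) throw new Error('invalid base64url segment length');
  if (rem) b64 += '='.repeat(4 - rem);
  const bin = atob(b64); // Latin-1 "binary string": one char per byte
  const bytes = new Uint8Array(bin.length);
  for (let i = 0; i < bin.length; i++) bytes[i] = bin.charCodeAt(i);
  return bytes;
}

// What a caller sees if it treats the atob() result as text: every UTF-8 byte
// becomes one Latin-1 character, i.e. the mojibake from the thread.
function decodeAsLatin1(segment) {
  return String.fromCharCode(...base64UrlToBytes(segment));
}

// Parse the payload claims without verifying the signature. This is fine for
// reading a display name in the UI; it is NOT an authentication check, which
// belongs on the server that validated the token.
function decodeJwtPayload(token) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('not a JWS compact serialization');
  // fatal: true makes malformed UTF-8 raise instead of being replaced with U+FFFD.
  const json = new TextDecoder('utf-8', { fatal: true }).decode(base64UrlToBytes(parts[1]));
  return JSON.parse(json);
}

// Inverse of base64UrlToBytes, used only to build the constructed sample token.
function bytesToBase64Url(bytes) {
  let bin = '';
  for (const b of bytes) bin += String.fromCharCode(b);
  return btoa(bin).replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
}

// Constructed sample token: real header/payload encoding, placeholder signature.
const SAMPLE_HEADER = bytesToBase64Url(new TextEncoder().encode('{"alg":"HS256","typ":"JWT"}'));
const SAMPLE_PAYLOAD = bytesToBase64Url(
  new TextEncoder().encode('{"unique_name":"ᕮ_ᑎᕮT4","sub":"123"}')
);
const SAMPLE_TOKEN = `${SAMPLE_HEADER}.${SAMPLE_PAYLOAD}.placeholder-signature`;

// Stand-alone run: prints the mojibake view and the correctly decoded claims.
console.log(decodeAsLatin1(SAMPLE_PAYLOAD));
console.log(decodeJwtPayload(SAMPLE_TOKEN));
```

The header segment decodes to the same '{"alg":"HS256","typ":"JWT"}' the thread shows because it is pure ASCII; only the payload carries multi-byte characters, which is why the first segment worked and the second did not.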

rjrudman commented 2 years ago

Oh right, of course - that makes more sense! So I've done a bit of digging and there are a few ways to fix this but I might just end up removing the display name from the token altogether. Not sure when I'll have time to look into this, but hopefully within the week. Thanks for the report!