search

cisagov / manage.get.gov

A Django-based domain name registrar used by the .gov domain to communicate with an EPP registry
https://get.gov
Other
57 stars 17 forks source link

401 Unauthorized when clicking "Back to .gov Registrar" #1509

Open zandercymatics opened 9 months ago

zandercymatics commented 9 months ago

🐛 Summary

On beta.get.gov, we have a redirect to manage.get.gov. This website uses login.gov for authentication purposes, so you will be redirected to that login prompt. On this prompt, there is a "go back" button, that, when pressed, redirects you to manage.get.gov. However, clicking this button will redirect you to a 401 page for manage.get.gov, as you are unauthorized.

To reproduce

Steps to reproduce the behavior:

  1. On the home page, click "Manage your domains"
  2. On the OIDC login page (login.gov) scroll down, and click "‹ Back to .gov Registrar"

This will redirect you to manage.get.gov and return a 401 error.

Expected behavior

What did you expect to happen that didn't? This button should not return a 401 unauthorized, but rather a) redirect you to beta.get.gov or b) redirect you to a more user friendly prompt.

Any helpful log output or screenshots

image image

Links to other issues

🔄 #489

PaulKuykendall commented 9 months ago

@h-m-f-t : ASK login.gov. "Can we change that link to redirect the user to get.gov?

h-m-f-t commented 9 months ago

Yes, see https://github.com/cisagov/manage.get.gov/issues/489