Closed michelletran-codecov closed 1 month ago
RulaKhaled
commented
1 month ago @michelletran-codecov When we tested this, Okta couldn't redirect to Codecov without valid authentication credentials. I can't reproduce the issue. Is there a customer I can impersonate? I'm curious to see what error response looks like, or if there's an error param sent with the redirect that could help surface different errors
michelletran-codecov
commented
1 month ago A user can fail if they are not assigned to the Okta group that was configured for Codecov. We can try to "fake" that by removing a user from the Okta preview app (I don't think we can "test" this with production, as it's an app that IT manages).
A full list of the error codes can be found here: https://developer.okta.com/docs/reference/error-codes/#example-errors-for-openid-connect-and-social-login
RulaKhaled
commented
1 month ago Handling this in https://github.com/codecov/codecov-api/pull/814. For Gazebo, I'll loop in @codecovdesign for design and copy. I'll create a separate task for Gazebo error discovery and close this with the API fix once it's done. I’ll append this as a subtask for the larger Gazebo change
Is your feature request related to a problem? Please describe. Currently Okta shows a blank page if the user's Okta authentication fails for whatever reason (i.e. they are not assigned to the Okta group etc.). Users don't get much feedback on why they've failed, which is a bad experience. We should at least surface the reason why Okta failed to the user so that they have some idea of why they can't log in.
Describe the solution you'd like After receiving an error response from Okta, we should probably surface this up on the Codecov UI. Maybe on a banner or some error box.