enjalot / blockbuilder

Create, fork and edit d3.js code snippets for use with bl.ocks.org right in the browser, no terminal required.

Broken Auth Flow with HTTPS #227

Closed curran closed 5 years ago

curran commented 5 years ago

Something seems fishy about the auth flow at the moment.

Isolated this to https only. Authentication works fine with http, gives this error with https.


will add the bug report from @EE2dev as well - @micahstubbs

I love to use blockbuilder and for me logging in through the github account works perfectly fine. A friend of mine wanted to host a d3.js quiz I wrote, so I thought the easiest is

Logging on github works fine. But logging on blockbuilder.org through the github account leads to the following error:

Do you need more than a github account to use blockbuilder and fork an existing gist? Do you need to have an existing github repo or a gist,..?!

micahstubbs commented 5 years ago

thanks for reporting this @curran

it looks like we need to pass an https redirect_uri to github during the oauth dance for https sessions.

related to #225 - if we redirect http to https, then I think we could just always use the https uri as the redirect_uri

ymoran00 commented 5 years ago

Happened too - can't login.

micahstubbs commented 5 years ago

hoping to have some bandwidth to fix this one soon.

enjalot commented 5 years ago

Ok, I've updated the redirect link on the github app to use https. We should probably deploy the redirect to https @micahstubbs

eduardosuela commented 5 years ago

Still getting the Authentication error. Yikes : ((

Congrats, by the way for the app

aurelient commented 5 years ago

@eduardosuela did you try loading blockbuilder with https:// instead of http:// ?

micahstubbs commented 5 years ago

@enjalot ack, will deploy the redirect to https this weekend. related issue for that https://github.com/enjalot/blockbuilder/issues/225

eduardosuela commented 5 years ago

@aurelient it works fine in https

headwinds commented 5 years ago

@aurelient awesome thank you - that also worked for me

Sadly, I wasn't quick enough to think to check here last night when I couldn't access my block but then I remembered in the morning primed with coffee. I really appreciate all the work you've done - It's one of my favourite sandboxes!

with errors like this, it might be nice to consider adding a common error screen which captures the error message that @curran shared as well as mentioning places to visit for advice like checking github issues. The home page could also benefit from a section like:

Having issues?

If you encounter any problems, please check our Github issues page and report the issue if it doesn't already exist.

micahstubbs commented 5 years ago

I like the idea of better error handling, and perhaps a FAQ entry too 💡

micahstubbs commented 5 years ago

ok redirecting http to https is fixed 🎉 https://github.com/enjalot/blockbuilder/issues/225

not quite out of the woods on this one though. @enjalot when I click login, I see this error:

AuthorizationError: The redirect_uri MUST match the registered callback URL for this application.
   at Strategy.OAuth2Strategy.authenticate (/home/ubuntu/blockbuilder/node_modules/passport-github/node_modules/passport-oauth2/lib/strategy.js:131:25)
   at attempt (/home/ubuntu/blockbuilder/node_modules/passport/lib/middleware/authenticate.js:348:16)
   at authenticate (/home/ubuntu/blockbuilder/node_modules/passport/lib/middleware/authenticate.js:349:7)
   at Layer.handle [as handle_request] (/home/ubuntu/blockbuilder/node_modules/express/lib/router/layer.js:95:5)
   at next (/home/ubuntu/blockbuilder/node_modules/express/lib/router/route.js:131:13)
   at Route.dispatch (/home/ubuntu/blockbuilder/node_modules/express/lib/router/route.js:112:3)
   at Layer.handle [as handle_request] (/home/ubuntu/blockbuilder/node_modules/express/lib/router/layer.js:95:5)
   at /home/ubuntu/blockbuilder/node_modules/express/lib/router/index.js:277:22
   at Function.process_params (/home/ubuntu/blockbuilder/node_modules/express/lib/router/index.js:330:12)
   at next (/home/ubuntu/blockbuilder/node_modules/express/lib/router/index.js:271:10)

micahstubbs commented 5 years ago

@enjalot curious, can you check/update the redirect link on the github app one more time?

micahstubbs commented 5 years ago

weird, in an incognito tab, the redirect link seems to work fine. I see the github login page 🤔

but then when I try to login, after I submit my github credentials it fails with the same AuthorizationError: The redirect_uri MUST match the registered callback URL for this application.

enjalot commented 5 years ago

I got the error when I logged out and logged in again. I'm wondering if we need to provide the full URI for the callbackURL here: https://github.com/enjalot/blockbuilder/blob/09425c84e918c298909bcabd51bb9d9b0f88c0a9/server.js#L148 so perhaps it should be "https://blockbuilder.org/auth/github/callback" instead of "/auth/github/callback"
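
Added example, not part of the thread and not blockbuilder's or passport's code: a simplified model of why a relative callbackURL can yield a redirect_uri that differs from the registered HTTPS callback while an absolute one cannot. It assumes TLS is terminated in front of the Node process (the thread does not describe the hosting setup); all function names and the sample request are hypothetical.

```javascript
// Simplified model of how a relative OAuth callbackURL becomes the
// redirect_uri sent to the provider. Function names are hypothetical.

// Origin the app believes the request arrived on. Behind a TLS-terminating
// proxy the socket is plain HTTP unless X-Forwarded-Proto is trusted
// (trust it only when your own proxy sets or overwrites that header).
function requestOrigin(req, trustProxy) {
  const fwd = trustProxy ? req.headers['x-forwarded-proto'] : undefined;
  const proto = fwd ? fwd.split(',')[0].trim() : (req.encrypted ? 'https' : 'http');
  return `${proto}://${req.headers.host}`;
}

// A relative callbackURL is resolved against the request origin;
// an absolute one is used exactly as configured.
function resolveRedirectUri(callbackURL, req, trustProxy) {
  return new URL(callbackURL, requestOrigin(req, trustProxy)).href;
}

// Simplified stand-in for the provider-side check (an assumption, not
// GitHub's exact rule): scheme, host, port and path must all be equal.
function matchesRegistered(redirectUri, registered) {
  const a = new URL(redirectUri);
  const b = new URL(registered);
  return a.origin === b.origin && a.pathname === b.pathname;
}

const REGISTERED = 'https://blockbuilder.org/auth/github/callback';

// Constructed request: the browser used HTTPS, the proxy forwarded plain HTTP.
const proxiedReq = {
  encrypted: false,
  headers: { host: 'blockbuilder.org', 'x-forwarded-proto': 'https' },
};

function demo() {
  return {
    relativeUntrusted: resolveRedirectUri('/auth/github/callback', proxiedReq, false),
    relativeTrusted: resolveRedirectUri('/auth/github/callback', proxiedReq, true),
    absolute: resolveRedirectUri(REGISTERED, proxiedReq, false),
  };
}

for (const [name, uri] of Object.entries(demo())) {
  console.log(name, uri, matchesRegistered(uri, REGISTERED) ? 'match' : 'MISMATCH');
}
```

An absolute callbackURL also keeps the redirect_uri from being derived from request headers such as Host, so it stays pinned to the registered value regardless of how the request reached the server.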

enjalot commented 5 years ago

This should work now, please confirm

micahstubbs commented 5 years ago

I am now able to log in with github on mobile Chrome. nice work @enjalot!

will close this one as fixed, and re-open if @curran @Fil or others report problems logging in later.