hedgedoc / hedgedoc

HedgeDoc - Ideas grow better together
https://hedgedoc.org
GNU Affero General Public License v3.0

Internal server error when OAuth2 login request gets denied #5522

Open haslersn opened 8 months ago

haslersn commented 8 months ago

Description

When using ORY Hydra as an OAuth2 provider and an OAuth2 login request gets denied, it redirects back to a URL of the form:

https://hedgedoc.example.com/auth/oauth2/callback?error=login+request+denied&error_description=login+has+been+cancelled&state=redacted

This results in an internal server error.

Steps to reproduce

Go to any HedgeDoc instance where OAuth2 login is enabled and append the path /auth/oauth2/callback?error=login+request+denied&error_description=login+has+been+cancelled&state=redacted.

Expected behaviour

The error should be shown to the user. If an error_description is given, then that should be shown to the user instead.

Logs

No response

Config

No response

Your Setup

Additional context

No response
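One way a callback handler could treat the error response described in this issue before attempting any code exchange, as an added example that is not HedgeDoc's code or part of the original post. `classifyCallback`, `sanitize` and `escapeHtml` are hypothetical helpers and the 400 status is this example's choice; because anyone can craft the callback URL, the displayed text is length-capped and HTML-escaped.

```javascript
// Error codes defined by RFC 6749 section 4.1.2.1. Providers may send others:
// the value in this issue, "login request denied", is not in this set.
const RFC6749_ERRORS = new Set([
  'invalid_request', 'unauthorized_client', 'access_denied',
  'unsupported_response_type', 'invalid_scope', 'server_error',
  'temporarily_unavailable',
]);
const MAX_LEN = 200; // cap on URL-supplied text that is shown to the user

// Replace control characters, trim, and cap the length of a query value.
function sanitize(value) {
  if (typeof value !== 'string') return '';
  return value.replace(/[\u0000-\u001f\u007f]/g, ' ').trim().slice(0, MAX_LEN);
}

// Escape for an HTML text or attribute context so the value renders as text.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return text.replace(/[&<>"']/g, (ch) => map[ch]);
}

// Decide what to do with a callback URL: show an error, reject, or exchange.
function classifyCallback(callbackUrl) {
  const params = new URL(callbackUrl).searchParams;
  if (params.has('error')) {
    const error = sanitize(params.get('error'));
    const description = sanitize(params.get('error_description'));
    return {
      outcome: 'denied',
      status: 400, // a client error page instead of an internal server error
      standardCode: RFC6749_ERRORS.has(error),
      // Prefer error_description when given, as the issue requests.
      message: escapeHtml(description || error || 'Login failed'),
    };
  }
  const code = sanitize(params.get('code'));
  if (!code) {
    return { outcome: 'malformed', status: 400, message: 'Missing authorization code' };
  }
  return { outcome: 'exchange', code }; // only now is the code worth exchanging
}

// Constructed sample: the callback URL quoted in this issue.
const sample = classifyCallback(
  'https://hedgedoc.example.com/auth/oauth2/callback?error=login+request+denied' +
  '&error_description=login+has+been+cancelled&state=redacted');
console.log(sample.outcome, sample.status, sample.message);
```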

shubham9069 commented 3 months ago

Can we discuss this?

haslersn commented 3 months ago

Can we discuss this?

What do you mean?