Open philvarner opened 4 years ago
The fix for this seems to be explicitly setting:
c.Auth0OAuthenticator.scope = ['openid', 'email']
I have no idea why the case when you're not logged in and when you are would give different results, but it does
Super helpful @philvarner! Thanks for figuring it out. I hope it's able to be fixed soon.
If I log in to JH via Auth0, and then JH times out due to inactivity or I explicitly delete the JH auth cookies, I then get a login failure (500 Error) from JH after the "seamless" redirect to Auth0 and back to the JH /oauth_callback endpoint. I have never seen this issue if I delete both the JH and Auth0 cookies, which causes Auth0 to explicitly prompt me for authentication.
The failure is in auth0.py on the line `'name': resp_json["email"],`, but I suspect that the underlying problem is that the request to the userinfo endpoint returns a non-200 response, which isn't handled properly (maybe the token is bad?).

I have reproduced this both on a standalone TLJH installed directly on an EC2 instance and the latest K8s helm chart version.
Stack trace:
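As an added illustration (not oauthenticator's code and not from the reporter), a hypothetical userinfo handler that treats the two failure modes described in this issue, a non-200 userinfo response and a missing email claim, as a denied login instead of an unhandled exception, plus a check for the scope workaround; `UserinfoResponse`, `user_from_userinfo` and `scope_requests_email` are constructed names:

```python
import json
import logging
from dataclasses import dataclass
from typing import Optional

log = logging.getLogger("auth0_userinfo")

# Constructed stand-in for the HTTP response the authenticator gets back from
# the Auth0 userinfo endpoint (not oauthenticator's own response type).
@dataclass
class UserinfoResponse:
    code: int
    body: bytes

# The claim the failing line in the issue reads: resp_json["email"]
REQUIRED_CLAIMS = ("email",)


def scope_requests_email(scope) -> bool:
    """The workaround from the issue: the configured scope must include 'email'
    (alongside 'openid'), otherwise Auth0 may omit the email claim from userinfo."""
    return "openid" in scope and "email" in scope


def user_from_userinfo(resp: UserinfoResponse) -> Optional[dict]:
    """Return {'name': ...} on success (the shape shown in the issue) or None to deny login.

    Returning None instead of letting KeyError / JSONDecodeError escape is what
    turns the 500 described above into a clean re-login prompt."""
    if resp.code != 200:
        log.warning("userinfo returned HTTP %d; token may be expired or invalid", resp.code)
        return None
    try:
        claims = json.loads(resp.body.decode("utf-8"))
    except (UnicodeDecodeError, ValueError):
        log.warning("userinfo body is not valid JSON")
        return None
    if not isinstance(claims, dict):
        return None
    missing = [c for c in REQUIRED_CLAIMS if not claims.get(c)]
    if missing:
        log.warning("userinfo lacks required claim(s) %s; check the configured scope", missing)
        return None
    return {"name": claims["email"], "auth_state": {"userinfo": claims}}
```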