Open gene1wood opened 6 years ago
Duplicate with https://github.com/mozilla-iam/auth0-custom-lock/issues/25
@gene1wood, can you close that issue? I seem to be not allowed to. :-(
@gene1wood ^^^
@hmitsch #25 is not related to this. #25 talks about "The user is presented with the NLX "enter your email address" field. As the user begins to type in their email address the page redirects."
This problem is not a display artifact, it is an underlying session duration issue.
I tried to troubleshoot this with gene at his desk and we couldn't find anything. It looks like auth0 decides he's simply no longer logged in even though his cookie is valid, which could be for a number of reasons where we don't have visibility. Basically, this is odd and reproducing it is difficult. We'll check again when this happens again.
@gdestuynder if/when this happens tomorrow, what data should I gather?
Honestly, I'm not sure. This might be a thing where we have to ask Auth0 for help
This happened just now again when browsing to phonebook.
I emailed auth0 support. Here's what I sent them
Related ticket : https://github.com/mozilla-iam/auth0-custom-lock/issues/35
We recently changed from using the Auth0 lock to our own login experience that uses auth0.js
I am intermittently (looks like about once a day in the morning, possibly after some daily session expires) seeing the following behavior
The /authorize endpoint sees that I have a valid unexpired "auth0" cookie with my session and 302 redirects me to the redirect_uri of the RP
The /authorize endpoint instead 302s me to /login
HTTP/2.0 303 See Other
server: Apache
x-backend-server: generic4.webapp.phx1.mozilla.com
vary: Accept-Encoding
cache-control: private, must-revalidate
content-type: text/html; charset=iso-8859-1
content-encoding: gzip
public-key-pins: max-age=1296000; pin-sha256="zSvnhQdjmYpQNahZ5voq6EGaNgaT0ElRiy+mzBD7p+k="; pin-sha256="5kJvNEMw0KjrCAu7eXY5HZdvyCS13BbA0VJG1RSP91w="; pin-sha256="YLh1dUR9y6Kja30RrAn7JKnbQG/uEtLMkBgFF2Fuihg="; pin-sha256="sRHdihwgkaib1P1gxX8HFszlD+7/gTfNvuAybgLPNis="
date: Mon, 26 Feb 2018 20:46:04 GMT
location: https://auth.mozilla.auth0.com/samlp/K7vKewjQHKe45mmOo5cRae6yyOvnmg74?SAMLRequest=hZJ_REDACTED_3640Ts%3D&RelayState=https%3A%2F%2Fphonebook.mozilla.org%2F&SigAlg=http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23rsa-sha1&Signature=ruAffyovlSvY7CH9u4ZNimAmOjI3QT0kszvR%2FTXmVCtC8h1ozw9ND5XbAh3%2F0eWIqihN66ck0xXBb6BRnPgYMq3PguY2p3tO9E1r305MYCtxnIxFUnDEBxd54NKD%2BjHcZb2uqMV0ysXtimITkdJuVEY7bm1MqjPgoQdcO%2BE9SExQ0%2B%2F8KW%2BXmeLV6dbY%2BtkJhr3Z%2FHnrB5%2FuPiK5PVBQ5gAfQpi8QDTgFzcDsqx7hYntXGSVqXG%2BWm8gWh6gite1ZN8ORhSGfAcR5J%2F1caGNsUX%2FUJVEIjq7TcnHqfz0jJoNzJfUs3A%2BhfY0aYgUdCLQVgHlhBV0cscQy1x95TOXgQ%3D%3D
set-cookie: mellon-cookie=cookietest; Version=1; Path=/; Domain=phonebook.mozilla.org; HttpOnly; secure;
x-cache-info: not cacheable; response code not cacheable
X-Firefox-Spdy: h2
GET /samlp/K7vKewjQHKe45mmOo5cRae6yyOvnmg74?SAMLRequest=hZJLT8MwREDACTED_0Ts%3D&RelayState=https%3A%2F%2Fphonebook.mozilla.org%2F&SigAlg=http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23rsa-sha1&Signature=ruAffyovlSvY7CH9u4ZNimAmOjI3QT0kszvR%2FTXmVCtC8h1ozw9ND5XbAh3%2F0eWIqihN66ck0xXBb6BRnPgYMq3PguY2p3tO9E1r305MYCtxnIxFUnDEBxd54NKD%2BjHcZb2uqMV0ysXtimITkdJuVEY7bm1MqjPgoQdcO%2BE9SExQ0%2B%2F8KW%2BXmeLV6dbY%2BtkJhr3Z%2FHnrB5%2FuPiK5PVBQ5gAfQpi8QDTgFzcDsqx7hYntXGSVqXG%2BWm8gWh6gite1ZN8ORhSGfAcR5J%2F1caGNsUX%2FUJVEIjq7TcnHqfz0jJoNzJfUs3A%2BhfY0aYgUdCLQVgHlhBV0cscQy1x95TOXgQ%3D%3D HTTP/1.1
Host: auth.mozilla.auth0.com
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:58.0) Gecko/20100101 Firefox/58.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Cookie: ajs_anonymous_id=%221f17079d-9288-4b96-a2da-e8d3f020f6c7%22; ajs_user_id=%22google-oauth2%7C107983849162024127268%22; _ga=GA1.2.1273092934.1511228425; auth0-mf=_aHtpQg_REDACTED_ucvp_4; auth0=s%3AX_REDACTED_Ph0%2BIkzo
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Date: Mon, 26 Feb 2018 20:46:04 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 2388
Connection: keep-alive
Keep-Alive: timeout=100
X-Auth0-RequestId: 88dcd8fcf0070a531170
Location: /login?client=K7vKewjQHKe45mmOo5cRae6yyOvnmg74&protocol=samlp&SAMLRequest=hZJLT8M_REDACTED_0Ts%3D&RelayState=https%3A%2F%2Fphonebook.mozilla.org%2F&SigAlg=http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23rsa-sha1&Signature=ruAffyovlSvY7CH9u4ZNimAmOjI3QT0kszvR%2FTXmVCtC8h1ozw9ND5XbAh3%2F0eWIqihN66ck0xXBb6BRnPgYMq3PguY2p3tO9E1r305MYCtxnIxFUnDEBxd54NKD%2BjHcZb2uqMV0ysXtimITkdJuVEY7bm1MqjPgoQdcO%2BE9SExQ0%2B%2F8KW%2BXmeLV6dbY%2BtkJhr3Z%2FHnrB5%2FuPiK5PVBQ5gAfQpi8QDTgFzcDsqx7hYntXGSVqXG%2BWm8gWh6gite1ZN8ORhSGfAcR5J%2F1caGNsUX%2FUJVEIjq7TcnHqfz0jJoNzJfUs3A%2BhfY0aYgUdCLQVgHlhBV0cscQy1x95TOXgQ%3D%3D&state=RmAqBGH4k8QGs9zC_BjTx4FaG-xoGWLJ
Vary: Accept
set-cookie: auth0=s%3AX_REDACTED_0%2BIkzo; Path=/; Expires=Thu, 01 Mar 2018 20:46:04 GMT; HttpOnly; Secure
Cache-Control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Strict-Transport-Security: max-age=15724800
X-Robots-Tag: noindex, nofollow, nosnippet, noarchive
GET /login?client=K7vKewjQHKe45mmOo5cRae6yyOvnmg74&protocol=samlp&SAMLRequest=hZJLT8_REDACTED_%2F%2Fphonebook.mozilla.org%2F&SigAlg=http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23rsa-sha1&Signature=ruAffyovlSvY7CH9u4ZNimAmOjI3QT0kszvR%2FTXmVCtC8h1ozw9ND5XbAh3%2F0eWIqihN66ck0xXBb6BRnPgYMq3PguY2p3tO9E1r305MYCtxnIxFUnDEBxd54NKD%2BjHcZb2uqMV0ysXtimITkdJuVEY7bm1MqjPgoQdcO%2BE9SExQ0%2B%2F8KW%2BXmeLV6dbY%2BtkJhr3Z%2FHnrB5%2FuPiK5PVBQ5gAfQpi8QDTgFzcDsqx7hYntXGSVqXG%2BWm8gWh6gite1ZN8ORhSGfAcR5J%2F1caGNsUX%2FUJVEIjq7TcnHqfz0jJoNzJfUs3A%2BhfY0aYgUdCLQVgHlhBV0cscQy1x95TOXgQ%3D%3D&state=RmAqBGH4k8QGs9zC_BjTx4FaG-xoGWLJ HTTP/1.1
Host: auth.mozilla.auth0.com
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:58.0) Gecko/20100101 Firefox/58.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Cookie: ajs_anonymous_id=%221f17079d-9288-4b96-a2da-e8d3f020f6c7%22; ajs_user_id=%22google-oauth2%7C107983849162024127268%22; _ga=GA1.2.1273092934.1511228425; auth0-mf=_aHtpQ_REDACTED_2ucvp_4; auth0=s%3A_REDACTED_%2BIkzo
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Mon, 26 Feb 2018 20:46:04 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=100
Vary: Accept-Encoding
X-Auth0-RequestId: 70a56b9813e2c1e9ff73
Cache-Control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Strict-Transport-Security: max-age=15724800
X-Robots-Tag: noindex, nofollow, nosnippet, noarchive
Content-Encoding: gzip
HTML of login page
GET /authorize?client_id=K7vKewjQHKe45mmOo5cRae6yyOvnmg74&protocol=samlp&SAMLRequest=hZJLT_REDACTED_s%3D&RelayState=https%3A%2F%2Fphonebook.mozilla.org%2F&SigAlg=http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23rsa-sha1&Signature=ruAffyovlSvY7CH9u4ZNimAmOjI3QT0kszvR%2FTXmVCtC8h1ozw9ND5XbAh3%2F0eWIqihN66ck0xXBb6BRnPgYMq3PguY2p3tO9E1r305MYCtxnIxFUnDEBxd54NKD%2BjHcZb2uqMV0ysXtimITkdJuVEY7bm1MqjPgoQdcO%2BE9SExQ0%2B%2F8KW%2BXmeLV6dbY%2BtkJhr3Z%2FHnrB5%2FuPiK5PVBQ5gAfQpi8QDTgFzcDsqx7hYntXGSVqXG%2BWm8gWh6gite1ZN8ORhSGfAcR5J%2F1caGNsUX%2FUJVEIjq7TcnHqfz0jJoNzJfUs3A%2BhfY0aYgUdCLQVgHlhBV0cscQy1x95TOXgQ%3D%3D&state=RmAqBGH4k8QGs9zC_BjTx4FaG-xoGWLJ&sso=true&connection=Mozilla-LDAP&tried_silent_auth=true HTTP/1.1
Host: auth.mozilla.auth0.com
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:58.0) Gecko/20100101 Firefox/58.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://auth.mozilla.auth0.com/login?client=K7vKewjQHKe45mmOo5cRae6yyOvnmg74&protocol=samlp&SAMLRequest=hZJLT8Mw_REDACTED_3640Ts%3D&RelayState=https%3A%2F%2Fphonebook.mozilla.org%2F&SigAlg=http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23rsa-sha1&Signature=ruAffyovlSvY7CH9u4ZNimAmOjI3QT0kszvR%2FTXmVCtC8h1ozw9ND5XbAh3%2F0eWIqihN66ck0xXBb6BRnPgYMq3PguY2p3tO9E1r305MYCtxnIxFUnDEBxd54NKD%2BjHcZb2uqMV0ysXtimITkdJuVEY7bm1MqjPgoQdcO%2BE9SExQ0%2B%2F8KW%2BXmeLV6dbY%2BtkJhr3Z%2FHnrB5%2FuPiK5PVBQ5gAfQpi8QDTgFzcDsqx7hYntXGSVqXG%2BWm8gWh6gite1ZN8ORhSGfAcR5J%2F1caGNsUX%2FUJVEIjq7TcnHqfz0jJoNzJfUs3A%2BhfY0aYgUdCLQVgHlhBV0cscQy1x95TOXgQ%3D%3D&state=RmAqBGH4k8QGs9zC_BjTx4FaG-xoGWLJ
Cookie: ajs_anonymous_id=%221f17079d-9288-4b96-a2da-e8d3f020f6c7%22; ajs_user_id=%22google-oauth2%7C107983849162024127268%22; _ga=GA1.2.1273092934.1511228425; auth0-mf=_aHtpQg_REDACTED_cvp_4; auth0=s%3A_REDACTED_2BIkzo
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Date: Mon, 26 Feb 2018 20:46:05 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 2524
Connection: keep-alive
Keep-Alive: timeout=100
X-Auth0-RequestId: 8900e430e295826a3edf
Location: /login?client=K7vKewjQHKe45mmOo5cRae6yyOvnmg74&protocol=samlp&SAMLRequest=hZJLT8_REDACTED_3640Ts%3D&RelayState=https%3A%2F%2Fphonebook.mozilla.org%2F&SigAlg=http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23rsa-sha1&Signature=ruAffyovlSvY7CH9u4ZNimAmOjI3QT0kszvR%2FTXmVCtC8h1ozw9ND5XbAh3%2F0eWIqihN66ck0xXBb6BRnPgYMq3PguY2p3tO9E1r305MYCtxnIxFUnDEBxd54NKD%2BjHcZb2uqMV0ysXtimITkdJuVEY7bm1MqjPgoQdcO%2BE9SExQ0%2B%2F8KW%2BXmeLV6dbY%2BtkJhr3Z%2FHnrB5%2FuPiK5PVBQ5gAfQpi8QDTgFzcDsqx7hYntXGSVqXG%2BWm8gWh6gite1ZN8ORhSGfAcR5J%2F1caGNsUX%2FUJVEIjq7TcnHqfz0jJoNzJfUs3A%2BhfY0aYgUdCLQVgHlhBV0cscQy1x95TOXgQ%3D%3D&sso=true&connection=Mozilla-LDAP&tried_silent_auth=true&state=RmAqBGH4k8QGs9zC_BjTx4FaG-xoGWLJ
Vary: Accept
Cache-Control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Strict-Transport-Security: max-age=15724800
X-Robots-Tag: noindex, nofollow, nosnippet, noarchive
@gene1wood Is this still happening? And is there anything we can do from NLX side to make this better?
Without something like #133 we're pretty blind as to the reason that a user's auto-login is failing.
As a user, I still get prompted to login. To me it seems more frequent than I would expect but I don't have any visibility into the complex interaction of
If we were able to understand and log or report why a user's auto-login is failing we could tell if this problem is happening.
Yesterday I logged into pto.mozilla.org, phonebook.mozilla.org and mana.mozilla.org and used them.
This morning I browsed to phonebook.mozilla.org and with no NLX was taken straight to phonebook (I imagine because I had a session in phonebook already).
I then went to pto.mozilla.org and was presented with the NLX and had to type in my email address and my password.
I then went to mana.mozilla.org and was presented with the NLX and had to type in my email address and my password.
With the old lock, in these cases I would be presented with the "Would you like to login as jdoe@mozilla.com" button which I'd click and be in.
I have to imagine this is a bug and that users aren't expected to re-enter their email and password each day, for each Mozilla site they use (as we didn't have to do this before NLX).
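One way to get the visibility discussed in this thread is to scan a captured redirect chain, like the one in the support email, for requests that presented the `auth0` session cookie and were still sent to `/login`. This is an added example, not part of the original thread and not Mozilla's or Auth0's code; the hop dictionary layout, the `CLIENT_ID`/`PLACEHOLDER` values and `rp.example` are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qs

SESSION_COOKIE = "auth0"  # session cookie name taken from the trace above

# Constructed sample hops (placeholders, not real values) shaped like the trace.
SAMPLE_HOPS = [
    {"url": "https://auth.mozilla.auth0.com/samlp/CLIENT_ID?SAMLRequest=PLACEHOLDER",
     "cookie": "_ga=GA1.2.0.0; auth0=s%3APLACEHOLDER", "status": 302,
     "location": "/login?client=CLIENT_ID&protocol=samlp&state=PLACEHOLDER"},
    {"url": "https://auth.mozilla.auth0.com/login?client=CLIENT_ID&protocol=samlp",
     "cookie": "auth0=s%3APLACEHOLDER", "status": 200, "location": None},
    {"url": "https://auth.mozilla.auth0.com/authorize?client_id=CLIENT_ID"
            "&sso=true&tried_silent_auth=true",
     "cookie": "auth0=s%3APLACEHOLDER", "status": 302,
     "location": "/login?client=CLIENT_ID&sso=true&tried_silent_auth=true"},
    {"url": "https://auth.mozilla.auth0.com/authorize?client_id=CLIENT_ID",
     "cookie": "auth0=s%3APLACEHOLDER", "status": 302,
     "location": "https://rp.example/callback?code=PLACEHOLDER"},
]

def cookie_names(header):
    """Names of the cookies present in a request's Cookie header."""
    return {p.split("=", 1)[0].strip() for p in (header or "").split(";") if "=" in p}

def failed_silent_sso(hops):
    """Hops where a request carrying the session cookie was still
    redirected to the interactive /login page."""
    findings = []
    for i, hop in enumerate(hops):
        if hop["status"] not in (301, 302, 303, 307) or not hop["location"]:
            continue
        if urlsplit(hop["location"]).path != "/login":
            continue  # redirected somewhere else, e.g. back to the RP
        if SESSION_COOKIE not in cookie_names(hop["cookie"]):
            continue  # no session presented, so a login prompt is expected
        req = urlsplit(hop["url"])
        findings.append({
            "hop": i,
            "endpoint": req.path.strip("/").split("/")[0],  # samlp, authorize, ...
            "retry": parse_qs(req.query).get("tried_silent_auth") == ["true"],
        })
    return findings

if __name__ == "__main__":
    for finding in failed_silent_sso(SAMPLE_HOPS):
        print(finding)
```

A finding with `retry` set marks the second failure in the chain, where the request already carried `tried_silent_auth=true` and was redirected to `/login` again.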