wildtreetech / ohjh

ohjh - The OpenHumans JupyterHub deployment
MIT License

Bad OAuth state in cookie #2

Open betatim opened 6 years ago

betatim commented 6 years ago

oauth-state-missing

Sometimes this happens when people try to log in. Seems to be hard to reproduce. Some kind of race condition or trying to log in twice at the same time maybe.

Min says that the cookie is set before the redirect and then deleted after successful login. This means if two logins are happening at the same time you could end up with the second one failing.

BenjaminHCCarr commented 6 years ago

On signing into OH, I was greeted with: You have successfully joined the project "Personal Data Notebooks".

Popped over to https://notebooks.openhumans.org/hub/home

Server would launch: https://notebooks.openhumans.org/hub/user/{user}/

Then I would get the error:

500 : Internal Server Error
Failed to start your server. Please contact admin.

You can try restarting your server from the home page.

I was able to mitigate this error based on @betatim's suggestion to clear cookies: notebooks.openhumans.org had one cookie, jupyter-hub-token. Deleting this cookie fixed the problem.

betatim commented 6 years ago

For archaeology purposes: I can reproduce this locally if I visit http://localhost:8000 and then click login. OH redirects me back, but to http://127.0.0.1:8000. This means that the hub can't read the cookie it set just before the redirect (because it is on a different domain).

Not sure how this happens in the production setup. Maybe HTTPS vs HTTP??
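
The two failure modes described in this thread (two logins in flight at once, and a redirect back to a different host), reproduced in a simplified model. This is an added example, not part of the original thread and not JupyterHub's or the deployment's own code; the cookie name, class and function names are assumptions made for the illustration.

```python
import hmac
import secrets

STATE_COOKIE = "oauth-state"  # hypothetical cookie name for this model

class Browser:
    """Cookie jar keyed by hostname: a cookie only goes back to the host that set it."""

    def __init__(self):
        self.jar = {}

    def cookies_for(self, host):
        return self.jar.setdefault(host, {})

def start_login(browser, host):
    """Hub side: set the state cookie, then redirect to the provider with the same state."""
    state = secrets.token_urlsafe(16)
    browser.cookies_for(host)[STATE_COOKIE] = state  # single slot: a second login overwrites it
    return state  # travels to the provider and comes back in the callback URL

def finish_login(browser, host, url_state):
    """Hub side: callback. Compare the URL state with the cookie, then delete the cookie."""
    cookies = browser.cookies_for(host)
    cookie_state = cookies.get(STATE_COOKIE)
    if cookie_state is None:
        return "missing"
    if not hmac.compare_digest(cookie_state, url_state):
        return "mismatch"
    del cookies[STATE_COOKIE]  # deleted after successful login
    return "ok"

def concurrent_logins():
    """Two tabs start a login on the same host before either one finishes."""
    b, host = Browser(), "localhost"
    tab_a = start_login(b, host)
    tab_b = start_login(b, host)  # overwrites tab A's state
    return finish_login(b, host, tab_b), finish_login(b, host, tab_a)

def redirect_to_other_host():
    """Login starts on localhost, the provider redirects back to 127.0.0.1."""
    b = Browser()
    state = start_login(b, "localhost")
    return finish_login(b, "127.0.0.1", state)

if __name__ == "__main__":
    print(concurrent_logins())
    print(redirect_to_other_host())
```

In both cases the callback arrives with a valid state in the URL but no matching cookie to compare it against, which is why the two causes look identical to the user.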