
Handle OAuth login errors better
Closed, Resolved (Public)

Description

We're getting some server errors when users attempt to log in. These are OAuth errors relating to interruptions during the login process.

From @jsn.sherman:

  • reloading the error page generates another error. This is preventable
  • sometimes the IdP offers more information in a rendered page on the back end, but the user will never see it. We could work to push that info forward
  • the solution to problems generating access tokens is almost always to just try again. We could either add in a limited auto-retry or add some not-scary UI to direct the user to do the same.

Event Timeline

Hi @Samwalton9 @jsn.sherman, are users still getting those server errors? Since I am not facing such errors, could you please show me the way to replicate those errors so that I can start solving them?
Thanks!!

Hi @Shashikantsingh7, yes, we're still seeing some of these errors. I'm not sure how to replicate them - try the following:

  • Log out from Meta Wiki
  • Click log in via Library Card
  • When prompted to log in to Meta, do something like click back to Library Card or reload the page

I'm not sure if this will work but it's one of the ways we think the error is being generated.

PR started for this:
https://github.com/WikipediaLibrary/TWLight/pull/592
It's looking really good, but I need to double-check the security implications of my changes to 400 error handling.

Okay, I took care of my security concern, which was to only share a specific bit of request data with the 400 error handler. PR is ready for review.

We're still getting Nonce-related login errors (see T272319), but we're seeing them directly and not triggering server errors now, by the looks of things.