Potential Method Bug: State Token potentially lost when new a Oauth window opens on iOS mobile browsers #16
Comments
|
You may have to copy and paste those URLs to your browser! |
|
I'm unable to view the video. Can you enable public access? It's probably not a good idea to share a Facebook access token here. Though it will probably have expired by the time anyone can test anything. This kind of error can happen if your URL in It would be very odd if it doesn't happen on all browsers but only mobile. |
|
@clarkwinkelmann should be expired soon (I think, lol). I've edited the URL of the video, can you test if it works? Also, the login works (for other users as well) for all devices except mobile (iOS specifically). You can also test the same error if you have iPhone at https://sheetscience.io |
|
Unfortunately I don't have any iOS device, and I don't see any obvious issue just by looking at the video. Let's wait for another FoF member to chime in. Not sure if anyone's got Apple products to test. |
|
@michaelangrivera i have an iPhone 12 pro on iOS 14.2.1
Kind regards |
|
@katosdev hi! The same error is persistent across three browsers on the iPhone- Safari, Chrome, Firefox. I've tested all 3. X3I8I6T3 is one I have generated for you. Thank you, Michael Angelo Rivera |
|
Issue confirmed on your own site: This looks like an invalid callback URL is at fault to be honest (I tried using google by the way). please can you confirm what your callback URL is set to? |
|
Issue not present when PWA extension is disabled, suspect that the CSRF token is not being passed through properly for the OAuth. Further testing is required on my local host but I may have a potential fix. |
|
@katosdev Awesome! Just let me know if you need any more assistance from my end! |
|
@katosdev Any ideas or workarounds that you're thinking of? |
|
@michaelangeloio Is the issue you were describing still happening on the latest version of |
Hi FoF! Hope everyone's doing well!
While testing FoF Oauth on mobile, specifically iOS 14, I believe there is an error. Here's a link to a video demonstrating what happens.
I'm thinking it may be an exception that's raised when Flarum tries to compare tokens because the token is lost during a new window launch. Could be wrong though!
Link to the video: https://drive.google.com/file/d/1ZkcvVQOo-GHp7gTmKWl-w9FuitoJP77A/view?usp=drivesdk
Link to the error: https://sheetscience.io/auth/facebook?code=AQA-VaNxskihcMcN17wERwTwtZBAqe4dtpAgJsbC3bhjN7bKSUEUaLDz3GRLeE1vxPEhPrTO-jYx0qbRnWdMrmAkQeTDhy9AcqGBbmYaAmdmFUZYSN_YBPRNKyAZ1tAQOtLT-mKqmWRNw-wdidL0EcUAg2XA6GVMHPHrar2FdoRJ2DKgMecec2VTpj7ujfMUNVumZVSR7zwOGpYsBAW4pC9SthjYNFLjXBT1v46FtFvXhAPjWgsTTiHL2g2PfdKjIjHMLTiRtdXcdT6t8_DOf3ui_zeG6sQjUU77SiqFvkGDcMTj5ZYGMmLeFKmLZSnSiQNtJl2M7ADC6dvGFZI-ErM8&state=ababe7806dacefd6f7d9a06280beee76#_=_
Whoops! There was an error..zip
Thank you :)
Michael Angelo Rivera
The text was updated successfully, but these errors were encountered: