Screwdriver: 500 when refreshing `/v3/login` route after token is returned

Created on 15 Aug 2016  路  8Comments  路  Source: screwdriver-cd/screwdriver

When you go to /v3/login from the browser and then refresh the URL, a 500 is returned with:

{
"statusCode": 500,
"error": "Internal Server Error",
"message": "Missing github request token cookie"
}

Most helpful comment

We should look into this

All 8 comments

I wonder why? What's causing this.

Yeah, strange.

We should look into this

So we cannot request the login API with code parameter anymore if the login API has already processed it.
I think this behavior is for a security. If there is a WebUI, we don't go to /v3/login many time then it's not a problem.

This would explain some of the problems we encountered when implementing the functional tests. Whenever we went to /v3/login (which was always at the beginning of a test run), it would complain about the token being missing. We had to drop our local tables before every run to ensure consistency between runs.

Good find. Since a 500 error isn't appropriate here, should we instead
redirect to another page on success of the oauth flow?

hapi-bell plugin reads the state info from user's cookie and delete it.

One thing I can't comprehend is why does the token go missing. Is it hapi-bell that's removing the token? Or is Github actually not giving us a token because one was already issued?

When playing around with Github's authorization API, they only issue the token on the first request; any subsequent request would yield a payload with the token missing. I'm wondering if this is related or a happy coincidence

The token is in the cookie. It looks like all the examples have redirects after login: https://github.com/hapijs/bell/blob/master/API.md

Was this page helpful?
0 / 5 - 0 ratings

Related issues

petey picture petey  路  8Comments

jithine picture jithine  路  7Comments

yoshwata picture yoshwata  路  5Comments

jeffreytolar picture jeffreytolar  路  3Comments

catto picture catto  路  4Comments