When you go to /v3/login from the browser and then refresh the URL, a 500 is returned with:
{
"statusCode": 500,
"error": "Internal Server Error",
"message": "Missing github request token cookie"
}
I wonder why? What's causing this.
Yeah, strange.
We should look into this
/v3/login, hapi-bell plugin issues a cookie for memorizing login state.code, and it redirects to /v3/login?code=xxxx.So we cannot request the login API with code parameter anymore if the login API has already processed it.
I think this behavior is for a security. If there is a WebUI, we don't go to /v3/login many time then it's not a problem.
This would explain some of the problems we encountered when implementing the functional tests. Whenever we went to /v3/login (which was always at the beginning of a test run), it would complain about the token being missing. We had to drop our local tables before every run to ensure consistency between runs.
Good find. Since a 500 error isn't appropriate here, should we instead
redirect to another page on success of the oauth flow?
hapi-bell plugin reads the state info from user's cookie and delete it.
One thing I can't comprehend is why does the token go missing. Is it hapi-bell that's removing the token? Or is Github actually not giving us a token because one was already issued?
When playing around with Github's authorization API, they only issue the token on the first request; any subsequent request would yield a payload with the token missing. I'm wondering if this is related or a happy coincidence
The token is in the cookie. It looks like all the examples have redirects after login: https://github.com/hapijs/bell/blob/master/API.md
Most helpful comment
We should look into this