GitHub authentication to lab.securedrop.club fixed


#1

Bonjour,

@conorsch kindly reported that the GitHub authentication at lab.securedrop.club was broken. It did not even issue an error message, it was just behaving in strange and unpredictible ways. That was because of a missing / at the end of the callback for OAuth and most likely happening since the upgrade to 10.5.6.

Please let us know if you’re still experiencing troubles

P.S. it appears this trailing slash sensitivity is GitLab specific. The weblate OAuth integration with GitHub works fine even when the trailing slash is missing.


#2

Tried again and was indeed able to authenticate via GitHub. :tada: However, a prominent error message was displayed:

The CSRF error didn’t actually make the authentication fail, though: after navigating past the login screen to https://lab.securedrop.club/explore, I appear to be active with the GH credentials. So, my issues are largely resolved, but documenting the CSRF error in case others encounter it.

Thanks for the lightning-fast turnaround here, @dachary!


#3

This is super weird! Nice one :slight_smile: Would you be so kind as to add to this thread if the problem persists?


#4

Absolutely. Looks stable to me, but we shall after browser restarts, machine reboots, cosmic rays, etc. :slightly_smiling_face:


#5

Thanks for your help @conorsch.


#6

Just noting that I was able to auth via GitHub today with no problems, and no error messages.