[Fiware-lab-help] [Idm] Expired cookie breaks the OAuth workflow

CHOLLON Geoffroy geoffroy.chollon at thalesgroup.com
Wed May 27 16:40:03 CEST 2015


Hello

I am observing a misbehaviour during the OAuth workflow with the IDM.
If the 'cloud.lab.fiware.org' cookie is expired then the OAuth process is broken and leads to an unrelated location.


- In detail, when starting the OAuth workflow with the initial redirection:
> Request URL:https://account.lab.fiware.org/oauth2/authorize/?response_type=code&client_id=1d75df2ec0c1478db98a3c8db3169d63&redirect_uri=https%3A%2F%2F195.220.224.10%2Fcallback&state=0
> Request Method:GET
> Cookie:csrftoken=1NYhy2ylBfdmZbjjL5lQOUr9o9C0GO79; sessionid=".eJyFVMty5DQUDZ1096RDkpnwGpgA...
< Status Code:302 FOUND
< Location:https://account.lab.fiware.org/oauth2/authorize/
< Set-Cookie:logout_reason="Session timed out."; expires=Wed, 27-May-2015 11:28:20 GMT; Max-Age=10; Path=/
< Set-Cookie:sessionid="gAJ9cQEu:1YxZVK:7EpZt947_U8cHWW5gzALWStpiJ0"; expires=Thu, 01-Jan-1970 00:00:00 GMT; httponly; Max-Age=0; Path=/



- The server detects the expiration of the cookie and does a redirection to 'oauth2/authorize'. !!!!! With this the initial OAuth parameters are LOST !!!!!



- Then the redirection is followed. The server detects that the OAuth parameters are missing and throws an error message.
> Request URL:https://account.lab.fiware.org/oauth2/authorize/
> Request Method:GET
< Status Code:302 FOUND
< Location:https://account.lab.fiware.org/home/
< Set-Cookie:messages="c481bf8a30347e94dea1129ad8a7d762354f2cfd$[[\"__json_message\"\0540\05440\054\"Unable to retrieve application.\"]]"; Path=/


- After a while, the browser ends up at the 'https://account.lab.fiware.org/auth/login/?next=/idm/' page with a red 'Error: Unable to retrieve application.' message box.


My wild guess to fix this bug would be to preserve the URL parameters in the initial redirection.


Thanks
Geoffroy
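
One way to implement the fix suggested above, as an added example that is not part of the original post and not the IdM's own code: the session-timeout redirect carries the original path and query string in the `next` parameter, and the value is accepted only if it is a same-site path before it is followed. The function names and the `/home/` fallback are assumptions made for the illustration.

```python
from urllib.parse import urlsplit, urlencode, parse_qs

LOGIN_PATH = "/auth/login/"   # login page seen in the report
DEFAULT_TARGET = "/home/"     # assumed fallback when `next` is rejected

# Constructed from the first request in the report.
AUTHORIZE_URL = ("https://account.lab.fiware.org/oauth2/authorize/"
                 "?response_type=code&client_id=1d75df2ec0c1478db98a3c8db3169d63"
                 "&redirect_uri=https%3A%2F%2F195.220.224.10%2Fcallback&state=0")


def observed_redirect(request_url):
    """Behaviour in the report: the Location header carries the path only."""
    return urlsplit(request_url).path


def preserving_redirect(request_url):
    """Send the user to login with the original path AND query in `next`."""
    parts = urlsplit(request_url)
    target = parts.path + ("?" + parts.query if parts.query else "")
    return LOGIN_PATH + "?" + urlencode({"next": target})


def resume_target(login_url):
    """After login, read `next` back; accept only same-site absolute paths so
    the preserved value cannot become an open redirect."""
    nxt = parse_qs(urlsplit(login_url).query).get("next", [DEFAULT_TARGET])[0]
    parts = urlsplit(nxt)
    if (parts.scheme or parts.netloc or not nxt.startswith("/")
            or nxt.startswith("//") or "\\" in nxt):
        return DEFAULT_TARGET
    return nxt


def oauth_params(url):
    """Query parameters of a URL as a flat dict (first value wins)."""
    return {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}


if __name__ == "__main__":
    print(oauth_params(observed_redirect(AUTHORIZE_URL)))   # parameters lost
    resumed = resume_target(preserving_redirect(AUTHORIZE_URL))
    print(oauth_params(resumed))                            # parameters intact
```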