Bug 1488394 - First login to starter fails with "Invalid request: Client state could not be verified"
Summary: First login to starter fails with "Invalid request: Client state could not be...
Keywords:
Status: ASSIGNED
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Management Console
Version: unspecified
Hardware: Unspecified
OS: Unspecified
medium
low
Target Milestone: ---
: ---
Assignee: Samuel Padgett
QA Contact: Yadan Pei
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2017-09-05 09:25 UTC by Michail Kargakis
Modified: 2019-09-05 16:22 UTC (History)
10 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2017-09-13 12:19:56 UTC
Target Upstream Version:


Attachments (Terms of Use)

Description Michail Kargakis 2017-09-05 09:25:30 UTC
Description of problem:
When I login to starter (us-east-1) for the first time using my Github account (kargakis), every time, I get the following greeting in the console:

```
Error
Invalid request
Client state could not be verified

Return to the console.
```

If I click the console link, I am redirected back to the login page, click LOGIN WITH REDHAT, and then I am able to login to the console as usual.



Version-Release number of selected component (if applicable):

Server https://api.starter-us-east-1.openshift.com:443
openshift v3.6.173.0.5
kubernetes v1.6.1+5115d708d7


How reproducible:

Login in starter via Github. I recently requested to move my account from us-west-1 to us-east-1, not sure if it's related or not.



Expected results:

Expected to login w/o an error.

Comment 1 Michail Kargakis 2017-09-05 09:29:54 UTC
Seems to be an issue on Firefox 55.0.2 

Working fine on Google Chrome

Comment 4 Samuel Padgett 2017-09-13 12:10:56 UTC
I've been trying to reproduce over the last week in different browsers, using private browsing mode to simulate first login, etc. No luck. Michail, have you seen this again?

There is auth logging we can enable if this is reproducible (although be careful what you add to the Bugzilla since it might have your access token).

https://github.com/openshift/origin-web-console#enable--disable-console-log-output

Comment 5 Samuel Padgett 2017-09-13 12:14:03 UTC
Marking this low severity for now since it's infrequent and logging in a second time works.

Comment 6 Michail Kargakis 2017-09-13 12:19:56 UTC
I can't reproduce this anymore. Might having been related to my cookies or something. I am going to close it, thanks for taking a look!

Comment 7 mixer3d 2017-11-08 19:25:31 UTC
Hi

I can confirm, that bug still exists, cannot login for the first time to openshift free starter account for the first time from Firefox-ESR 52.4.0 on debian 9 amd64, still from chromium without problems.

Regards
j

Comment 8 Samuel Padgett 2018-02-05 16:13:17 UTC
(In reply to mixer3d from comment #7)
> I can confirm, that bug still exists, cannot login for the first time to
> openshift free starter account for the first time from Firefox-ESR 52.4.0 on
> debian 9 amd64, still from chromium without problems.

Reopening. I've seen this as well recently.

Comment 9 Samuel Padgett 2018-02-05 18:30:58 UTC
It appears that this happens if you are able visit the console initially using an http URL rather than https. You are directed to the login page, then redirected back to the https console URL. The nonce is stored in local storage, however, and it is undefined when we try to read it because the https console is a different domain.

Comment 10 Samuel Padgett 2018-02-05 18:33:50 UTC
The second login works because this time you are redirected to the login page from the https console.


Note You need to log in before you can comment on or make changes to this bug.