Hi guys #LinkedIn!
I have struggled with a bug using your oauth2 authentication.
Every time I was trying to "login with LinkedIn" to my site, only via mobile, I would get the authorization server encountered an unexpected condition.
Bummer.
It took me quite a while to figure out the problem. Apparently my mobile keyboard adds an extra "space" character after my email address. email#email.com_.
It does not trim the email string, and it does not return an "email and password does not match" error, rather redirects to the callback address with the said error.
This is reproducible in mobile and desktop too.
Are you guys aware of that bug? I couldn't find a proper place to report bugs to you guys.
(if you got here by searching the error message, please upvote so the good ppl #linkedin will see it :D )
Thanks!
Related
Since few days I have problems with the API instagram. Instagram sending this error page after the user has entered this login information.
"This page could not be loaded. If you have cookies disabled in your browser, or you are browsing in private mode"
Do you know why ? How to do ? Need help
On webapp authentication... the problem is related to instagram platform. I found that the problem arise only if your browser don't have the instagram cookie "ig_cb" set. This is set when you accept cookie policy on instagram.com. The workaround is to go on instagram and accept cookie policy then go back to your social auth and proceed.
This happens for both mobile and desktop users (browser).
Being a block on instagram login process... I guess there's no definitive solution other than wait for instagram bug fix.
I hate to be the bearer of bad news, but we also had this problem, which flagged on the Facebook Dev page: https://developers.facebook.com/support/bugs/406930029718049/
They have looked into the problem, as a number of us have had this exact issue too. It is only affecting EU user, as our US users are logging in and signing up without problems, and it seems that Facebook are refusing to look into it - their Instagram Platform API forum has already stopped accepting issues.
In terms of what we have learnt since last week, we think:
It is likely GDPR related
Not all apps have been affected, Bumble does not have this problem but Tinder does
It is happening with both the old Platform API and Graph API, according to a developer who has already migrated to Graph.
No one seems to know anything!
UPDATE:
So it seem's it is in fact a cookie issue on mobile. When a user goes to sign in on mobile view, the 'accept cookie' message that typically appears on web doesn't appear. However, when the error screen pops up, if you click 'Log in' in the top right, it will redirect you to the web view, which lets you accept the new terms and conditions. Then, once you direct back to mobile the cookie seems to have been saved and you can now login. This has worked for us on iOS so far, but not Android, and we still haven't come up with a work-around yet.
This bug has now been fixed.
Thank you all for your comments, individual input, and patience while we worked to address this issue for everyone.
I am happy to report that this particular issue with Instagram login should now be resolved, but if you are still seeing any issues related to this fix, please let us know on this report only.
Since 2AM (ish) this morning, the SSO does no longer work with LinkedIn.
We 100% get the error "the authorization server encountered an unexpected condition".
We did not change our code whatsoever. We tried to switch the LinkedIn developer app to test mode and then back to live mode, but still no luck.
There can be no logs on our end (for the issue is on LinkedIn end), and AFAIK there is no developer log on LinkedIn either (although it could be a pretty useful addition).
Anyone experiencing the same issue? Or anyone have any idea why this could happen all of a sudden?
Thanks!
EDIT: after several attempts (by modifying our OAUTH code in some ways), it always failed. And we decided to create another brand new LinkedIn developer app, and it did work! This is really weird...
I use Oauth via Microsoft and it has worked fine for a while, then a couple of weeks ago (can't remember exactly when) i got some tweet or something from someone saying that they had problems signing in with MS Oauth.
The error i get is this.
https://login.live.com/err.srf?lc=1033#error=invalid_request&error_description=The+provided+value+for+the+input+parameter+'redirect_uri'+is+not+valid.+The+expected+value+is+'https://login.live.com/oauth20_desktop.srf'+or+a+URL+which+matches+the+redirect+URI+registered+for+this+client+application.
The page actually says
"We're unable to complete your request
Microsoft account is experiencing technical problems. Please try again later."
And that indicates that they may actually have some issues but i think it's been like this for a while so i suspect it's just some generic error.
If i look at my request it says.
client_id=[MY CLIENT ID]&scope=wl.basic&response_type=code&redirect_uri=http://dev.ohso.se/login/ExternalLoginCallback/?provider=microsoft&sid=[some id]
I do get the same error on both my dev app and the production app i have setup.
This is how my callback URLs look like. I have tried to add URLS both with ExternalLoginCallback and externallogincallback but it doesn't seems to work. It looks like it's saved but it's gone when you return to the page.
Anyone know how to contat MS to at least report this bug and maybe also get hold of someone that can help debug my problem?
/Ola
OK, got it. The issue is with your request URL, remove / character from ..back/?provid.... Your request URL should be
client_id=[MY CLIENT ID]&scope=wl.basic&response_type=code&redirect_uri=http://dev.ohso.se/login/ExternalLoginCallback?provider=microsoft&sid=[some id]
and you can have any redirect URL #MS
http://dev.ohso.se/login/ExternalLoginCallback
or
http://dev.ohso.se/login/ExternalLoginCallback/
Does anyone know how to fix this issue? I keep on getting this error from Twitter when I try to login on our app. This was happening since May 23, 2013.
Whoa there! The request token for this page is invalid. It may have
already been used, or expired because it is too old. Please go back to
the site or application that sent you here and try again; it was
probably just a mistake.
I also saw some users experiencing this issue in this link
Thanks a lot!
Just throwing it out there. Have you tried resetting the keys in your application management page? Or recreate your access token? (Unless the "Reset keys" option does this also).
I am using the ruby twitter gem and oauth to gain access to users twitter accounts. In my code, I have:
unless #user.twitter_authd?
oauth = Twitter::OAuth.new('token', 'secret')
session[:twitter_request_token] = oauth.request_token.token
session[:twitter_request_secret] = oauth.request_token.secret
#twitter_auth_url = oauth.request_token.authorize_url
end
where token and secret have my actual token and secret inserted. When I click on the link to the #twitter_auth_url, I am taken to twitter and asked to grant access. I click allow and then twitter redirects me to my callback URL http://www.mydomain.com/twitter_callback/?oauth_token=fmy2aMvnjVgaFrz37bJ4JuB8r5xN79gsgDQRG4BNY which then hits this code:
oauth = Twitter::OAuth.new('token', 'secret')
logger.info("session[:twitter_request_token] = #{session[:twitter_request_token]}")
logger.info("session[:twitter_request_secret] = #{session[:twitter_request_secret]}")
oauth.authorize_from_request(session[:twitter_request_token], session[:twitter_request_secret])
session[:twitter_request_token] = nil
session[:twitter_request_secret] = nil
#user.update_attributes({
:twitter_token => oauth.access_token.token,
:twitter_secret => oauth.access_token.secret,
})
redirect_to root_path
The twitter request token and secret are being set just fine. However I end up with an authorization error:
OAuth::Unauthorized in MainController#twitter_callback
401 Unauthorized
RAILS_ROOT: /Users/TAmoyal/Desktop/RoR_Projects/mls
Application Trace | Framework Trace | Full Trace
/Library/Ruby/Gems/1.8/gems/oauth-0.3.4/lib/oauth/consumer.rb:167:in `token_request'
/Library/Ruby/Gems/1.8/gems/oauth-0.3.4/lib/oauth/tokens/request_token.rb:14:in `get_access_token'
/Library/Ruby/Gems/1.8/gems/erwaller-twitter-0.6.13.1/lib/twitter/oauth.rb:29:in `authorize_from_request'
/Users/TAmoyal/Desktop/RoR_Projects/mls/app/controllers/main_controller.rb:70:in `twitter_callback'
The code is failing at this line:
oauth.authorize_from_request(session[:twitter_request_token], session[:twitter_request_secret])
when it tries to get an access token. You can see the source code of authorize_from_request here. I am not sure why this is happening. Anyone have ideas?
A bit late to the party but just ran into the same issue myself. I tracked the issue down to the setup of my OAuth app in Twitter. I had initially not specified a callback URL as I was unsure of it.
Once I had setup my rails app I went back to find Twitter had assumed I was a desktop application as I hadn't specified a callback URL. Once I changed this to website and entered a callback URL I stopped getting 400s.
If you're getting error 401 - OAuth::Unauthorized, make sure you edit the settings of your Twitter application as follows:
Application Type: Browser
Callback URL: http://127.0.0.1:3000/auth/twitter/callback
this is an issue about time synchronization of your system with twitter server.
Twitter doesn't allow localhost as part of a valid callback URL.
Instead use http://127.0.0.1:3000/auth/twitter/callback
Hope this helps
This was one of the most annoying things to debug that I have come across. I was outputting in a couple places by accident because the URL's are dynamic and they happened to not be defined in my test case (i use this to display chart data and there is not enough right now so the google chart api URL's are blank). This caused my browser to make multiple requests to my localhost when some pages were loaded. Somehow that made the oauth process crap out. Obviously there is no way for people on S.O. to know about my application specific issue so I had to answer my own question.
I had this same problem and none of the suggestions in this thread worked for me.
I found the problem for me was the TIMESTAMP on my request. The mobile device I was running my scripts on had a jacked up clock. When I updated the system time on my device to the correct time (i.e. now), all of my requests came back "200 OK" instead of "401 Unauthorized".
This problem seems to be caused by twitter not being able to handle connection keep-alive correctly. Make sure you set connection=close http header in the request to twitter. Wasted a weekend debugging this.
not enough info for me, but when was twitter gem last updated? twitter changed their oauth 'stuff' in mid may approx. perhaps you have an old one. I'd update your question to show the callback_url, and make sure you have the right token and secret, which it looks like you don't have.
also, did you put the right callback url in your twitter app page? alot of times that screws you up too.
if that fails use mbleighs twitter_auth instead. it worked for me and is pretty slick.