PermissionDenied "Invalid OAuth2 state token"
adarqui opened this issue · 4 comments
Hey, this is probably an issue on my end. I'm just wondering if anyone here has an idea of what might be causing this.
Basically, my yesod application works fine when run via yesod-devel, using yesod-auth-oauth2 with github authentication. However, once I stack install and run the yesod executable, I receive the following error when trying to authenticate via oauth2:
09/Aug/2016:16:25:01 -0400 [Warn] Error Resp: PermissionDenied "Invalid OAuth2 state token" @(lnyes_4D1wOKkkmUi5qjiLquQeY0:LN.Foundation src/LN/Foundation.hs:164:9)
I feel like i've run into this before in in the past but, can't remember how I fixed it (if I ever did).
Anyway idea? I'm still trying to figure out but, no luck so far.
Thanks!
I have a similar (or maybe even the same issue). When I try to login, using Oauth2 and Github, I see the error you mentioned but also the following error in the URL error_description=The+redirect_uri+MUST+match+the+registered+callback+URL+for+this+application.
Therefore I think the problem is, that the URL does not match exactly. I recently switched to ApprootRelative (see pSub/pascal-wittmann.de@699072d). If I revert this change the login works again. I'll try to investigate further in the following days.
ApprootRelative is not supported according to https://groups.google.com/forum/#!msg/yesodweb/OxOzQuaCXjA/Od6j0DqL-AsJ
@pSub, indeed you cannot use ApprootRelative with this kind of plugin; the whole OAuth2 system requires knowing a full URL.
Via #101 I can say confidently GitHub is working fine, so if you're seeing errors @adarqui please provide some more information (e.g. a verion of example.hs that reproduces for you). If not, I'm going to go ahead and close this as stale.
Closing optimistically. Feel free to re-open if you've got more details.