Crash using OAuth2 authorization

[zroger]

Expected Behavior

Insomnia opens a browser window to allow the OAuth2 authorization code workflow to proceed.

Actual Behavior

The browser window opens, then Insomnia immediately crashes.

Reproduction Steps

I can reproduce this with my company's Okta server, which uses the Okta IWA Agent. The authorization URL does some stuff in javascript which results in an immediate redirect, at which point there is an ERR_ABORTED raised from the child browser window. This feels similar to electron/electron#17526.

Is there an existing issue for this?

• I have searched the issue tracker for this problem.

Additional Information

Logs from the crash:

[2023-04-27 09:39:01.975] [info]  [main] Window ready, handling command line arguments [ '/Applications/Insomnia.app/Contents/MacOS/Insomnia' ]
[2023-04-27 09:39:59.359] [info]  [oauth2] did-navigate: Loaded "https://***.oktapreview.com/oauth2/***/v1/authorize?response_type=code&client_id=***&redirect_uri=***&scope=openid+profile+email&state=***&code_challenge=***&code_challenge_method=S256"
[2023-04-27 09:39:59.984] [error] Error occurred in handler for 'authorizeUserInWindow': Error: ERR_ABORTED (-3) loading 'https://***/IWA/'
    at rejectAndCleanup (node:electron/js2c/browser_init:2:76998)
    at EventEmitter.navigationListener (node:electron/js2c/browser_init:2:77304)
    at EventEmitter.emit (node:events:513:28)
    at EventEmitter.emit (node:domain:489:12)
    at emitter.emit (/Applications/Insomnia.app/Contents/Resources/app.asar/node_modules/@sentry/electron/main/integrations/electron-breadcrumbs.js:121:20)

I was able to get authorization to work by simply ignoring the ERR_ABORTED raised from child.loadURL in authorizeUserInWindow like this, but I'm not familiar enough with the project to know if this would have unintended consequences.

    try {
      await child.loadURL(url);
    } catch (error) {
      if (error.code === "ERR_ABORTED") {
        return
      }
      // Reject with error to show result in OAuth2 tab
      reject(error);
      // Need to close child window here since an exception in loadURL precludes normal call in
      // _parseUrl
      child.close();
    }

Insomnia Version

2023.2.0

What operating system are you using?

macOS

Operating System Version

13.3.1

Installation method

homebrew

Last Known Working Insomnia version

No response

[chrisjq]

I get the similar error with Implicit Authentication with OKTA:

14:54:36.768 › Running version 2023.3.0
14:54:36.770 › [electron client protocol] successfully set default protocol 'insomnia://'
14:54:36.829 › [fix] Running database repairs
14:54:36.937 › [db] Initialized DB at /Users/User/Library/Application Support/Insomnia/insomnia.$TYPE.db
14:54:36.941 › [db] Init responses DB
14:54:36.944 › [db] Init websocket-responses DB
14:54:36.949 › [localstorage] Initialized at /Users/User/Library/Application Support/Insomnia/localStorage
14:54:36.978 › [main] Loading file:///Applications/Insomnia.app/Contents/Resources/app.asar/index.html
14:54:37.491 › [updater] Using url https://updates.insomnia.rest/builds/check/mac?v=2023.3.0&app=com.insomnia.app&channel=stable
14:54:37.491 › [updater] Checking for updates url=https://updates.insomnia.rest/builds/check/mac?v=2023.3.0&app=com.insomnia.app&channel=stable
14:54:38.220 › [updater] Not Available
14:54:38.425 › [main] Window ready, handling command line arguments [ '/Applications/Insomnia.app/Contents/MacOS/Insomnia' ]
14:54:53.906 › [oauth2] will-redirect: Ignoring URL "https://okta.com/login/login.htm?fromURI=/oauth2/v1/authorize/redirect?okta_key=aaabbbccc". Didn't match /(access_token=|id_token=)/
14:54:54.220 › [oauth2] did-navigate: Ignoring URL "https://okta.com/login/login.htm?fromURI=/oauth2/v1/authorize/redirect?okta_key=aaabbbccc". Didn't match /(access_token=|id_token=)/
14:54:54.426 › Error occurred in handler for 'authorizeUserInWindow': Error: ERR_ABORTED (-3) loading 'https://oktasso.net/IWA/'
    at rejectAndCleanup (node:electron/js2c/browser_init:2:77333)
    at EventEmitter.navigationListener (node:electron/js2c/browser_init:2:77639)
    at EventEmitter.emit (node:events:513:28)
    at EventEmitter.emit (node:domain:489:12)
    at emitter.emit (/Applications/Insomnia.app/Contents/Resources/app.asar/node_modules/@sentry/electron/main/integrations/electron-breadcrumbs.js:121:20)
[16906:0628/145454.601445:ERROR:child_thread_impl.cc(231)] Invalid PlatformChannel receive right
Segmentation fault: 11

[chrisjq]

According to the electron docs the url load failed because of the error code was probably caused by the redirecting before the page is fully loaded. -3 Abort Error "An operation was aborted (due to user action)." should probably be ignored.

[chrisjq]

Event is actually generated from here when url redirects.