-
Notifications
You must be signed in to change notification settings - Fork 5.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
auth-node: Refresh handler not returning persisted scope in response #20364
Conversation
The refresh handler is returning an empty scope if scope was previously saved in a cookie. The session is successfully refreshed but the client receives a response without the scope it requested, prompting a new login. Resolves backstage#20322 Signed-off-by: Adam Kunicki <kunickiaj@gmail.com>
Changed Packages
|
Uffizzi Preview |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Great find and fix! 🎉 🙏
Thank you for digging into this issue, been as bit occupied by CI failures and other ongoing things 😅 ❤️
Thank you for contributing to Backstage! The changes in this pull request will be part of the |
Signed-off-by: Patrik Oldsberg <poldsberg@gmail.com>
Patch release in #20367 |
Hi, We are seeing a similar issue where this issue where logging in to github through 'backstage-plugin-github-pull-requests' widget also logs in to github authenticator provider, But logging in to github authenticator provider does not login to github for 'backstage-plugin-github-pull-requests' widget This issue can be reproduced with below steps.
I see that the fix for "scope: result.session.scope," was made only to one location in file plugins/auth-node/src/oauth/createOAuthRouteHandlers.ts but it is present at two locations. Can this be an issue? |
@xyzmurali it would be best to log this as an issue as it's not going to be followed up easily here 👍 |
Thank you, i submitted issue #24652 |
Fix OAuth refresh handler in auth-node prompting for re-login on page reload.
The refresh handler is returning an empty scope if scope was previously saved in a cookie. The session is successfully refreshed but the client receives a response without the scope it requested, prompting a new login.
This should also be backported to 1.18.x
Resolves #20322
✔️ Checklist
Signed-off-by
line in the message. (more info)